Name: Fortinet FortiGate Series
Brand: Fortinet
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Firewall Virtual IP Configuring virtual IPs

FortiGate Version 4.0 MR1 Administration Guide

01-410-89802-20090903 455

http://docs.fortinet.com/ • Feedback

4 Select OK.

To add a static NAT virtual IP for a single IP address to a firewall policy

Add a external to dmz1 firewall policy that uses the virtual IP so that when users on the

Internet attempt to connect to the web server IP address packets pass through the

FortiGate unit from the external interface to the dmz1 interface. The virtual IP translates

the destination address of these packets from the external IP to the DMZ network IP

address of the web server.

1 Go to Firewall > Policy and select Create New.

2 Configure the firewall policy:

3 Select NAT.

4 Select OK.

Adding a static NAT virtual IP for an IP address range

The IP address range 192.168.37.4-192.168.37.6 on the Internet is mapped to

10.10.10.42-10.10.123.44 on a private network. Packets from Internet computers

communicating with 192.168.37.4 are translated and sent to 10.10.10.42 by the FortiGate

unit. Similarly, packets destined for 192.168.37.5 are translated and sent to 10.10.10.43,

and packets destined for 192.168.37.6 are translated and sent to 10.10.10.44. The

computers on the Internet are unaware of this translation and see three computers with

individual IP addresses rather than a FortiGate unit with a private network behind it.

External IP

Address/Range

The Internet IP address of the web server.

The external IP address is usually a static IP address obtained from your

ISP for your web server. This address must be a unique IP address that is

not used by another host and cannot be the same as the IP address of the

external interface the virtual IP will be using. However, the external IP

address must be routed to the selected interface. The virtual IP address and

the external IP address can be on different subnets. When you add the

virtual IP, the external interface responds to ARP requests for the external IP

address.

Mapped IP

Address/Range

The IP address of the server on the internal network. Since there is only one

IP address, leave the second field blank.

Source Interface/Zone external

Source Address All (or a more specific address)

Destination Interface/Zone dmz1

Destination Address simple_static_nat

Schedule always

Service HTTP

Action ACCEPT

Fortinet FortiGate Series Administration Guide

Table of Contents

Other manuals for Fortinet FortiGate Series

Questions and Answers:

Fortinet FortiGate Series Specifications

Related product manuals

Brand	Fortinet
Model	FortiGate Series
Category	Firewall
Language	English