FortiGate Version 3.0 MR4 Administration Guide
258 01-30004-0203-20070102
Configuring virtual IPs Firewall Virtual IP
To add a static NAT virtual IP for a single IP address to a firewall policy
Add an external to dmz1 firewall policy that uses the virtual IP so that when users
on the Internet attempt to connect to the web server IP address, packets pass
through the FortiGate unit from the external interface to the dmz1 interface. The
virtual IP translates the destination address of these packets from the external IP
to the DMZ network IP address of the web server.
1 Go to Firewall > Policy and select Create New.
2 Configure the firewall policy:
3 Select NAT.
4 Select OK.
Adding a static NAT virtual IP for an IP address range
The IP address range 192.168.37.4-192.168.37.6 on the Internet is mapped to
10.10.10.42-10.10.123.44 on a private network. Packets from Internet computers
communicating with 192.168.37.4 are translated and sent to 10.10.10.42 by the
FortiGate unit. Similarly, packets destined for 192.168.37.5 are translated and
sent to 10.10.10.43, and packets destined for 192.168.37.6 are translated and
sent to 10.10.10.44. The computers on the Internet are unaware of this translation
and see three computers with individual IP addresses rather than a FortiGate unit
with a private network behind it.
Figure 152: Static NAT virtual IP for an IP address range example
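The one-to-one mapping described above, as an added example (not taken from the guide and not Fortinet code): a small Python model that sends the Nth external address to the Nth private address, rejects external and mapped ranges of unequal size, and reverses the mapping for reply traffic. The class and method names are assumptions made for illustration; the addresses are the per-address mappings stated in the paragraph.

```python
import ipaddress


class StaticNatRange:
    """Hypothetical model of a static NAT virtual IP for an address range."""

    def __init__(self, ext_first, ext_last, mapped_first, mapped_last):
        self.ext_first = ipaddress.IPv4Address(ext_first)
        self.ext_last = ipaddress.IPv4Address(ext_last)
        self.mapped_first = ipaddress.IPv4Address(mapped_first)
        self.mapped_last = ipaddress.IPv4Address(mapped_last)
        if self.ext_last < self.ext_first or self.mapped_last < self.mapped_first:
            raise ValueError("range end precedes range start")
        # Static NAT is one-to-one, so both ranges must hold the same
        # number of addresses; otherwise some address has no partner.
        ext_size = int(self.ext_last) - int(self.ext_first) + 1
        mapped_size = int(self.mapped_last) - int(self.mapped_first) + 1
        if ext_size != mapped_size:
            raise ValueError(
                f"external range has {ext_size} addresses, "
                f"mapped range has {mapped_size}"
            )

    def translate_destination(self, dst):
        """Inbound packet: external destination -> private address.

        Returns None when dst is outside the external range, meaning the
        virtual IP does not apply to that packet.
        """
        dst = ipaddress.IPv4Address(dst)
        if not self.ext_first <= dst <= self.ext_last:
            return None
        return str(self.mapped_first + (int(dst) - int(self.ext_first)))

    def translate_source(self, src):
        """Reply packet: private source -> external address, so the Internet
        host only ever sees the external address it connected to."""
        src = ipaddress.IPv4Address(src)
        if not self.mapped_first <= src <= self.mapped_last:
            return None
        return str(self.ext_first + (int(src) - int(self.mapped_first)))


# The three per-address mappings stated in the text.
VIP = StaticNatRange("192.168.37.4", "192.168.37.6", "10.10.10.42", "10.10.10.44")

if __name__ == "__main__":
    for ext in ("192.168.37.4", "192.168.37.5", "192.168.37.6", "192.168.37.7"):
        print(ext, "->", VIP.translate_destination(ext))
```

An address outside the external range returns `None`, which is the case to check when reviewing a policy: only the listed external addresses are exposed through the virtual IP.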
To add a static NAT virtual IP for an IP address range
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
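Firewall policy settings (for the external to dmz1 policy that uses the single IP address virtual IP):
Source Interface/Zone         external
Source Address Name           All (or a more specific address)
Destination Interface/Zone    dmz1
Destination Address Name      simple_static_nat
Schedule                      always
Service                       HTTP
Action                        ACCEPT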