FortiGate Version 3.0 MR4 Administration Guide
264 01-30004-0203-20070102
Configuring virtual IPs Firewall Virtual IP
3 Use the following procedure to add a virtual IP that allows users on the Internet to
connect to a web server on the DMZ network. In our example the external
interface of the FortiGate unit is connected to the Internet and the dmz1 interface
is connected to the DMZ network.

   Name                        Load_Bal_VIP
   External Interface          external
   Type                        Load Balance or Server Load Balance
   External IP address/Range   The Internet IP address of the web server.
                               The external IP address must be a static IP address
                               obtained from your ISP for your web server. This
                               address must be a unique IP address that is not used
                               by another host and cannot be the same as the IP
                               address of the external interface the virtual IP will
                               be using. However, the external IP address must be
                               routed to the selected interface. The virtual IP
                               address and the external IP address can be on
                               different subnets. When you add the virtual IP, the
                               external interface responds to ARP requests for the
                               external IP address.
   Map to IP/IP Range          The IP address of the servers on the internal network.
   (Load Balance type)         Define the range by entering the first address of the
                               range in the first field and the last address of the
                               range in the second field.
   Real Servers                If you select Server Load Balancing for the VIP type,
   (Server Load Balance type)  enter the real server IP addresses. For details about
                               real server settings, see “Configuring virtual IPs” on
                               page 255.

Figure 158: Virtual IP options; load balancing virtual IP

4 Select OK.

To add a load balance virtual IP for an IP address range to a firewall policy

Add an external to dmz1 firewall policy that uses the virtual IP so that when users
on the Internet attempt to connect to the web server IP address, packets pass
through the FortiGate unit from the external interface to the dmz1 interface. The
virtual IP translates the destination address of these packets from the external IP
to the DMZ network IP addresses of the web servers.

1 Go to Firewall > Policy and select Create New.
2 Configure the firewall policy:

   Source Interface/Zone        external
   Source Address Name          All (or a more specific address)
   Destination Interface/Zone   dmz1
   Destination Address Name     Load_Bal_VIP
   Schedule                     always
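
A pre-deployment check of the virtual IP and firewall policy settings described above, as an added example that is not part of the guide and is not Fortinet code. The `check_vip_plan` function, the dictionary keys, the interface inventory and every address value are assumptions made for illustration.

```python
import ipaddress

def check_vip_plan(vip, policy, interfaces, known_hosts=()):
    """Check a planned load-balance VIP and its policy; return a list of findings.

    interfaces maps interface name -> "address/prefix" (assumed inventory data).
    """
    findings = []
    ext = ipaddress.ip_address(vip["extip"])
    first, last = (ipaddress.ip_address(a) for a in vip["mappedip"])
    ext_if = ipaddress.ip_interface(interfaces[vip["extintf"]])
    dst_if = ipaddress.ip_interface(interfaces[policy["dstintf"]])

    # The external IP cannot be the address of the interface the VIP uses.
    if ext == ext_if.ip:
        findings.append("ERROR: external IP equals the external interface address")
    # The external IP must be unique, not used by another host.
    if ext in {ipaddress.ip_address(h) for h in known_hosts}:
        findings.append("ERROR: external IP already used by another host")
    # Map-to range: first address in the first field, last in the second.
    if first > last:
        findings.append("ERROR: mapped range is reversed")
    # The mapped servers must sit on the network behind the destination interface.
    elif first not in dst_if.network or last not in dst_if.network:
        findings.append("ERROR: mapped range is outside the destination network")
    # The policy must receive traffic on the interface that answers ARP for the VIP.
    if policy["srcintf"] != vip["extintf"]:
        findings.append("ERROR: policy source interface differs from VIP external interface")
    # The policy has to use the virtual IP as its destination address.
    if policy["dstaddr"] != vip["name"]:
        findings.append("ERROR: policy destination is not the virtual IP")
    # "All" is permitted by the guide; flag it so the exposure is a deliberate choice.
    if policy["srcaddr"].lower() == "all":
        findings.append("NOTE: source address is All; servers are reachable from any address")
    return findings

# Constructed sample values (documentation and private ranges), not from the guide.
INTERFACES = {"external": "192.0.2.1/24", "dmz1": "10.10.10.1/24"}
VIP = {"name": "Load_Bal_VIP", "extintf": "external", "extip": "192.0.2.20",
       "mappedip": ("10.10.10.42", "10.10.10.44")}
POLICY = {"srcintf": "external", "srcaddr": "All", "dstintf": "dmz1",
          "dstaddr": "Load_Bal_VIP", "schedule": "always"}

if __name__ == "__main__":
    for line in check_vip_plan(VIP, POLICY, INTERFACES):
        print(line)
```

Run against the sample plan, the only finding is the note about the All source address; narrowing Source Address Name to a specific address clears it.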