FortiGate Version 3.0 MR4 Administration Guide
266 01-30004-0203-20070102
Configuring virtual IPs Firewall Virtual IP
4 Select OK.
To add a load balance virtual IP for an IP address range to a firewall policy
Add a external to dmz1 firewall policy that uses the virtual IP so that when users
on the Internet attempt to connect to the web server IP address packets pass
through the FortiGate unit from the external interface to the dmz1 interface. The
virtual IP translates the destination address of these packets from the external IP
to the dmz network IP addresses of the web servers.
1 Go to Firewall > Policy and select Create New.
2 Configure the firewall policy:
3 Select NAT.
4 Select OK.
Adding dynamic virtual IPs
Adding a dynamic virtual IP is similar to adding a virtual IP. The difference is that
the External IP address must be set to 0.0.0.0 so the External IP address matches
any IP address.
To add a dynamic virtual IP
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Enter a name for the dynamic virtual IP.
4 Select the virtual IP External Interface from the list.
The external interface is connected to the source network and receives the
packets to be forwarded to the destination network.
Select any firewall interface or a VLAN subinterface.
Real Servers If you select Server Load Balancing for the VIP type, enter
the real server IP addresses. For details about real server
settings, see “Configuring virtual IPs” on page 255.
Port Forwarding Selected
Protocol TCP
External Service Port The ports that traffic from the Internet will use. For a web
server, this will typically be port 80.
Map Port The ports on which the server expects traffic. Define the
range by entering the first port of the range in the first field
and the last port of the range in the second field. If there is
only one port, leave the second field blank.
Source Interface/Zone external
Source Address Name All (or a more specific address)
Destination Interface/Zone dmz1
Destination Address Name Load_Bal_VIP_port_forward
Schedule always
Service HTTP
Action ACCEPT
To Next Page
Loading...
Need help?
General