Firewall Virtual IP Virtual IP Groups
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 267
5. Set the External IP Address to 0.0.0.0.
   The 0.0.0.0 External IP Address matches any IP address.
6. Enter the External Service Port number for which to configure dynamic port forwarding.
   The external service port number must match the destination port of the packets to be forwarded. For example, if the virtual IP provides PPTP passthrough access from the Internet to a PPTP server, the external service port number should be 1723 (the PPTP port).
7. Enter the Map to IP address to which to map the external IP address, for example, the IP address of a PPTP server on an internal network.
8. Enter the Map to Port number to be added to packets when they are forwarded.
   Enter the same number as the External Service Port if the port is not to be translated.
9. Select OK.
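The matching and translation behaviour set up in steps 5 to 9, as an added Python model that is not part of the FortiGate guide or FortiOS code. It also covers a virtual IP with a fixed External IP Address for comparison, and lists the entries that use 0.0.0.0 so they can be reviewed; the class, function names, first-match order and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

ANY = ip_address("0.0.0.0")  # External IP Address that matches any IP address


@dataclass(frozen=True)
class PortForwardVIP:
    name: str           # hypothetical label for the virtual IP
    external_ip: str    # "External IP Address"
    external_port: int  # "External Service Port"
    map_to_ip: str      # "Map to IP"
    map_to_port: int    # "Map to Port"

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        ext = ip_address(self.external_ip)
        ip_ok = ext == ANY or ext == ip_address(dst_ip)
        # The External Service Port must equal the packet's destination port.
        return ip_ok and dst_port == self.external_port


def translate(vips: List[PortForwardVIP], dst_ip: str,
              dst_port: int) -> Optional[Tuple[str, int]]:
    """Return the (ip, port) a packet is forwarded to, or None if no VIP matches.
    First match wins; that ordering is an assumption of this model."""
    for vip in vips:
        if vip.matches(dst_ip, dst_port):
            return (vip.map_to_ip, vip.map_to_port)
    return None


def wildcard_exposures(vips: List[PortForwardVIP]):
    """List internal services forwarded for any destination address (0.0.0.0)."""
    return [(v.name, v.external_port, v.map_to_ip, v.map_to_port)
            for v in vips if ip_address(v.external_ip) == ANY]


# Constructed sample entries (documentation and private address ranges).
VIPS = [
    PortForwardVIP("pptp-passthrough", "0.0.0.0", 1723, "192.168.1.50", 1723),
    PortForwardVIP("web-fixed", "203.0.113.10", 8080, "192.168.1.60", 80),
]

if __name__ == "__main__":
    for dst in [("198.51.100.7", 1723), ("203.0.113.10", 8080), ("198.51.100.7", 8080)]:
        print(dst, "->", translate(VIPS, *dst))
    print("review 0.0.0.0 entries:", wildcard_exposures(VIPS))
```
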
Virtual IP Groups
You can create virtual IP groups to facilitate firewall policy traffic control. For
example, on the DMZ interface, if you have two email servers that use Virtual IP
mapping, you can put these two VIPs into one VIP group and create one
external-to-DMZ policy, instead of two policies, to control the traffic.
Viewing the VIP group list
To view the virtual IP group list, go to Firewall > Virtual IP > VIP Group.
Figure 160: VIP Group list
The VIP group list has the following icons and features:
Create New: Select to add a new VIP group. See “Configuring VIP groups” on page 268.
Group Name: The name of the virtual IP group.
Members: Lists the group members.
Interface: Displays the interface that the VIP group belongs to.
Delete icon: Remove the VIP group from the list. The Delete icon only appears if the VIP group is not being used in a firewall policy.
Edit icon: Edit the VIP group information, including the group name and membership.