Configuring virtual IPs Firewall Virtual IP
FortiGate Version 4.0 Administration Guide
372 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
4 Select OK.
The virtual IP appears in the virtual IP list.
5 To implement the virtual IP, select the virtual IP in a firewall policy.
For example, to add a firewall policy that maps public network addresses to a private
network, you might add an external to internal firewall policy and select the Source
Interface/Zone to which a virtual IP is bound, then select the virtual IP in the
Destination Address field of the policy. For details, see “Configuring firewall policies” on
page 323.
Adding a static NAT virtual IP for a single IP address
The IP address 192.168.37.4 on the Internet is mapped to 10.10.10.42 on a private
network. Attempts to communicate with 192.168.37.4 from the Internet are translated and
sent to 10.10.10.42 by the FortiGate unit. The computers on the Internet are unaware of
this translation and see a single computer at 192.168.37.4 rather than a FortiGate unit
with a private network behind it.
Figure 226: Static NAT virtual IP for a single IP address example
To add a static NAT virtual IP for a single IP address
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Use the following procedure to add a virtual IP that allows users on the Internet to
connect to a web server on the DMZ network. In our example, the wan1 interface of the
FortiGate unit is connected to the Internet and the dmz1 interface is connected to the
DMZ network.
Figure 227: Virtual IP options: static NAT virtual IP for a single IP address
Name static_NAT
External Interface wan1
Type Static NAT
To Next Page
Loading...