Firewall Virtual IP Double NAT: combining IP pool with virtual IP
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
http://docs.fortinet.com/

2 Select Create New.
3 Enter the following information and select OK.

   Name                        pool-1
   Interface                   DMZ
   IP Range/Subnet             10.1.3.1-10.1.3.254

To create a Virtual IP with port translation only

1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Enter the following information and select OK.

   Name                        server-1
   External Interface          Internal
   Type                        Static NAT
   External IP Address/Range   172.16.1.1
                               Note this address is the same as the server address.
   Mapped IP Address/Range     172.16.1.1
   Port Forwarding             Enable
   Protocol                    TCP
   External Service Port       8080
   Map to Port                 80

To create a firewall policy

Add an internal to dmz firewall policy that uses the virtual IP to translate the destination
port number and the IP pool to translate the source addresses.

1 Go to Firewall > Policy.
2 Select Create New.
3 Configure the firewall policy:

   Source Interface/Zone       internal
   Source Address              10.1.1.0/24
   Destination Interface/Zone  dmz
   Destination Address         server-1
   Schedule                    always
   Service                     HTTP
   Action                      ACCEPT

4 Select NAT.
5 Select OK.
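
The following added example (not from the Administration Guide and not Fortinet code) models what the pool-1, server-1 and policy settings on this page do to one connection: the destination port is rewritten by the virtual IP, the source address by the IP pool, and the reply is translated back through a session table. The Packet and DoubleNat names, the pool address selection and the source-port allocation are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

# Values taken from the page's pool-1, server-1 and policy settings.
POOL_FIRST = ipaddress.ip_address("10.1.3.1")
POOL_SIZE = 254                                   # 10.1.3.1-10.1.3.254
VIP_EXT = ("172.16.1.1", 8080)                    # external IP, external service port
VIP_MAPPED = ("172.16.1.1", 80)                   # mapped IP, map-to port
POLICY_SRC = ipaddress.ip_network("10.1.1.0/24")  # policy source address

class DoubleNat:
    """Toy model of the internal -> dmz policy; not FortiOS's real algorithm."""

    def __init__(self):
        self.sessions = {}      # (pool IP, pool port) -> original client packet
        self.next_port = 1024   # assumption: sequential source-port allocation

    def forward(self, pkt):
        """Client -> server. Returns the translated packet, or None if no match."""
        if ipaddress.ip_address(pkt.src) not in POLICY_SRC:
            return None
        if (pkt.dst, pkt.dport) != VIP_EXT:
            return None
        # Assumption: pool address chosen by hashing the client address.
        pool_ip = str(POOL_FIRST + int(ipaddress.ip_address(pkt.src)) % POOL_SIZE)
        pool_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(pool_ip, pool_port)] = pkt
        return Packet(pool_ip, pool_port, *VIP_MAPPED)

    def reply(self, pkt):
        """Server -> client. Undoes both translations using the session table."""
        orig = self.sessions.get((pkt.dst, pkt.dport))
        if orig is None or (pkt.src, pkt.sport) != VIP_MAPPED:
            return None         # unsolicited traffic: no session, no translation
        return Packet(*VIP_EXT, orig.src, orig.sport)

if __name__ == "__main__":
    nat = DoubleNat()
    out = nat.forward(Packet("10.1.1.25", 40000, "172.16.1.1", 8080))
    print("server sees:", out)
    print("client sees:", nat.reply(Packet(out.dst, out.dport, out.src, out.sport)))
```

After both translations the server sees only a pool-1 address as the source, so tying a request in the server's logs to an internal client depends on the firewall's own session record.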