Using port forwarding on a FortiGate unit
1. Creating three virtual IPs
2. Adding the virtual IPs to a VIP group
3. Creating a security policy
4. Results
This example illustrates how to use virtual IPs to configure port forwarding on a FortiGate unit, which redirects traffic from one port to another. In this example, incoming connections from the Internet are allowed access to a server on the internal network by opening TCP ports in the range 7882 to 7999 and UDP ports 2119 and 2995.

[Diagram: Internet > FortiGate > Server. Open TCP ports 7882-7999 and UDP ports 2119 and 2995 for traffic from the Internet to the server.]

Creating three virtual IPs
Go to Firewall Objects > Virtual IPs > Virtual IPs.
Enable Port Forwarding and add a virtual IP using the TCP protocol with the port range 7882-7999.
Create a second virtual IP for UDP port 2119.
Create a third virtual IP for UDP port 2995.

Adding virtual IPs to a VIP group
Go to Firewall Objects > Virtual IPs > VIP Groups.
Create a VIP group that includes all three virtual IPs.

Creating a security policy
Go to Policy > Policy > Policy.
Create a security policy allowing inbound connections to the server from the Internet. Set the Destination Address as the new VIP group.

Results
Go to Policy > Monitor > Policy Monitor to see the active sessions.
Select the blue bar for more information on a session.
Go to Log & Report > Traffic Log > Forward Traffic to see the logged activity.
Select an entry for more information about the session.