Using port forwarding on a FortiGate unit


Upload: lyhanh

Post on 19-Jan-2017


Page 1: Using port forwarding on a FortiGate unit

1. Creating three virtual IPs

2. Adding the virtual IPs to a VIP group

3. Creating a security policy

4. Results

This example illustrates how to use virtual IPs to configure port forwarding on a FortiGate unit, which redirects traffic from one port to another. In this example, incoming connections from the Internet are allowed access to a server on the internal network by opening TCP ports in the range 7882 to 7999 and UDP ports 2119 and 2995.

[Figure: Internet, FortiGate, Server. Open TCP ports 7882-7999 and UDP ports 2119 and 2995 for traffic from the Internet to the server.]


Creating three virtual IPs

Go to Firewall Objects > Virtual IPs > Virtual IPs.

Enable Port Forwarding and add a virtual IP using TCP protocol with the range 7882-7999.

Create a second virtual IP for the UDP port 2119.

Create a third virtual IP for the UDP port 2995.


Adding virtual IPs to a VIP group

Go to Firewall Objects > Virtual IPs > VIP Groups.

Create a VIP group that includes all three virtual IPs.

Creating a security policy

Go to Policy > Policy > Policy.

Create a security policy allowing inbound connections to the server from the Internet. Set the Destination Address as the new VIP group.


Results

Go to Policy > Monitor > Policy Monitor to see the active sessions.

Select the blue bar for more information on a session.

Go to Log & Report > Traffic Log > Forward Traffic to see the logged activity.


Select an entry for more information about the session.
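
The three GUI steps above (virtual IPs, VIP group, security policy) written as FortiOS CLI configuration. This is an added example, not part of the original document. The interface names (wan1, internal), the external address 203.0.113.10, the server address 192.168.1.100, the object names and the policy ID are placeholders assumed for illustration.

```fortios
# Added example (FortiOS 5.x-style CLI). Interfaces, IP addresses, object
# names and policy ID 10 are assumed placeholders, not values from the page.
config firewall vip
    edit "srv-tcp-7882-7999"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip 192.168.1.100
        set portforward enable
        set protocol tcp
        set extport 7882-7999
        set mappedport 7882-7999
    next
    edit "srv-udp-2119"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip 192.168.1.100
        set portforward enable
        set protocol udp
        set extport 2119
        set mappedport 2119
    next
    edit "srv-udp-2995"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip 192.168.1.100
        set portforward enable
        set protocol udp
        set extport 2995
        set mappedport 2995
    next
end
config firewall vipgrp
    edit "srv-vip-group"
        set interface "wan1"
        set member "srv-tcp-7882-7999" "srv-udp-2119" "srv-udp-2995"
    next
end
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "srv-vip-group"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

With logtraffic set to all, sessions accepted by this policy appear in the Forward Traffic log used in the Results step.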