Created on 12-01-2009 01:46 AM Edited on 12-16-2021 02:08 PM By Anonymous
Description
This article describes the steps to configure Virtual IPs (VIP) mapped from different public IP addresses on the same port to the same real server and same TCP ports.
The following diagram illustrates this example:
wan2
192.168.101.100 == [ FortiGate ] == dmz == Server 10.1.1.1 / TCP port 80
192.168.101.101
external TCP port
8080
Solution
CLI based configuration (only relevant parts are provided)
config firewall vip edit "public1" set extip 192.168.101.100 set extintf "wan2" set portforward enable set mappedip 10.1.1.1 set extport 8080 set mappedport 80 next edit "public2" set extip 192.168.101.101 set extintf "wan2" set portforward enable set mappedip 10.1.1.1 set extport 8080 set mappedport 80 next end config firewall vipgrp edit "all_public" set interface "wan2" set member "public1" "public2" next end config firewall policy edit 1 set srcintf "wan2" set dstintf "dmz" set srcaddr "all" set dstaddr "all_public" set action accept set schedule "always" set service "ANY" next end |
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.