FortiGate
mmontes
Staff
Article Id 198754
Purpose
This article describes how to access an internal server via the WAN2 port.


Diagram
kb.jpg

Expectations, Requirements
User 192.168.40.50 should be able to access the internal server 192.168.40.180 via the public IP address 200.87.58.150 on the WAN1 interface.
Configuration

1) Send Internet traffic from the IP segment 192.168.40.0/24 out via the WAN2 interface:

# config router policy

    edit 1
        set dst 0.0.0.0/0.0.0.0
        set src 192.168.40.0/24
        set input-device lan
        set output-device wan2
        set gateway 189.201.100.23
    next
end

2) VIP configuration:

# config firewall vip

    edit "Internal_Server"
        set extip 200.87.58.150
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.40.180"
        set extport 443
        set mappedport 443
    next
end

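3) The PC and the internal server are located in the same LAN segment, so add a second policy route that keeps traffic for 192.168.40.180 on the lan interface. Policy routes are matched top-down, so it is moved ahead of the route from step 1:

# config router policy

    edit 2
        set dst 192.168.40.180/32
        set src 192.168.40.0/24
        set input-device lan
        set output-device lan
    next
    move 2 before 1
end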

4) Allow traffic from the LAN IP segment 192.168.40.0/24 to the Internet via the WAN2 interface:

# config firewall policy

    edit 10
        set srcintf "lan"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
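
An added example, not part of the original article: a simplified Python model of how the VIP from step 2 interacts with the policy routes from steps 1 and 3, including a check for a route that is shadowed by an earlier one. It assumes destination NAT is applied before the policy-route lookup and that policy routes are matched top-down with the first match winning; all function and variable names are constructed for illustration.

```python
import ipaddress

# Constructed model of the page's VIP (step 2) and policy routes (steps 1, 3).
# Assumption: simplified matching on input interface, source and destination only.
VIP = {"extip": "200.87.58.150", "extport": 443,
       "mappedip": "192.168.40.180", "mappedport": 443}
ROUTE_WAN2 = {"src": "192.168.40.0/24", "dst": "0.0.0.0/0",
              "input": "lan", "output": "wan2"}
ROUTE_HAIRPIN = {"src": "192.168.40.0/24", "dst": "192.168.40.180/32",
                 "input": "lan", "output": "lan"}


def apply_vip(dst_ip, dst_port, vip=VIP):
    """Destination NAT: rewrite extip:extport to mappedip:mappedport."""
    if dst_ip == vip["extip"] and dst_port == vip["extport"]:
        return vip["mappedip"], vip["mappedport"]
    return dst_ip, dst_port


def egress_interface(src_ip, dst_ip, dst_port, in_if, routes):
    """Output interface of the first matching policy route, or None."""
    dst_ip, _ = apply_vip(dst_ip, dst_port)  # lookup sees the mapped address
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for route in routes:  # top-down, first match wins
        if (in_if == route["input"]
                and src in ipaddress.ip_network(route["src"])
                and dst in ipaddress.ip_network(route["dst"])):
            return route["output"]
    return None  # no policy route matched; the routing table would decide


def shadowed_routes(routes):
    """Destinations of routes that an earlier, broader route makes unreachable."""
    hidden = []
    for i, later in enumerate(routes):
        for earlier in routes[:i]:
            if (earlier["input"] == later["input"]
                    and ipaddress.ip_network(later["src"]).subnet_of(
                        ipaddress.ip_network(earlier["src"]))
                    and ipaddress.ip_network(later["dst"]).subnet_of(
                        ipaddress.ip_network(earlier["dst"]))):
                hidden.append(later["dst"])
                break
    return hidden


if __name__ == "__main__":
    for order in ([ROUTE_HAIRPIN, ROUTE_WAN2], [ROUTE_WAN2, ROUTE_HAIRPIN]):
        print(egress_interface("192.168.40.50", "200.87.58.150", 443, "lan", order),
              shadowed_routes(order))
```

With the specific route first, the request to 200.87.58.150:443 stays on lan; with the order reversed it leaves via wan2 and the specific route is reported as shadowed.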

