# config system interfaceThere is a VIP also configured having the same external IP as EMAC-VLAN interface.
edit "emac-FGT"
set vdom "root"
set ip 192.168.1.30 255.255.255.0
set allowaccess ping https ssh http
set type emac-vlan
set snmp-index 13
set interface "Uplink"
next
end
# config firewall vipWhen traffic initiates from source IP 192.168.1.20 to access 192.168.1.30 for SSH access, FortiGate responds with the MAC address of parent interface "Uplink"
edit "VIP-192.168.1.30_rdp"
set extip 192.168.1.30
set extintf "any"
set portforward enable
set mappedip "192.168.10.2"
set extport 3389
set mappedport 3389
next
end
# config firewall vip2) Disable arp-reply in VIP.
edit "VIP-192.168.1.30_rdp"
set extip 192.168.1.30
set extintf "any" <----- Replace this with 'emac-FGT'.
set portforward enable
set mappedip "192.168.10.2"
set extport 3389
set mappedport 3389
next
end
# config firewall vip
edit "VIP-192.168.1.30_rdp"
set extip 192.168.1.30
set extintf "any"
set arp-reply disable <----- Disable it.
set portforward enable
set mappedip "192.168.10.2"
set extport 3389
set mappedport 3389
next
end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.