Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segursystem
New Contributor

Created on ‎08-24-2023 03:43 AM

Virtual IP External IP to Mapped ip range

Hello, thanks for your time in reading my message.

Maybe I have not enough experience with Fortigate. I'm trying to create a Virtual IP where from one external IP to two differents mapped IP in my LAN.

I don't know if this is possible as I receive an error when I define range.

 

Please, see attached image for clarity and thanks again for helping

 

 

Regards

 

virtualip-doubt.png

 

Labels:
1793
0 Kudos
1 Solution
pminarik
Staff
Staff

Created on ‎08-24-2023 04:52 AM

You will need a load-balance type VIP, which isn't selectable from the GUI, so this needs to be configured in the CLI:

 

config firewall vip

    edit "wwewe"

        set type load-balance

        set extintf any

        set extip 195.55.255.150

        set mappedip 192.168.10.55-192.168.10.59

        set portforward enable
        set protocol udp

        set extport 2000

        set mappedport 2000

end

[ corrections always welcome ]

View solution in original post

1757
5 REPLIES 5
srajeswaran
Staff
Staff

Created on ‎08-24-2023 04:00 AM

Type Static NAT means its one to one mapping. The number of address in External IP address/range should be equal to the Mapped IP address range.

 Thats the reason for the error you are seeing.

For the configuration you are trying, it looks like load balancing . Are you trying to load balance traffic hitting on 195.55.255.150 port 2000 to 192.168.10.55-192.168.10.59 ? If so please check the following article https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-up-a-VIP-load-balance-with-HTTP-ho...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1776
0 Kudos
segursystem
New Contributor
In response to srajeswaran

Created on ‎08-24-2023 04:34 AM

Thank you for your reply Suraj.

 

Actually, I think it's simpler since my intention is to open port 2001 to two computers, without the need for load balancing. Maybe I'm taking the wrong path.

 

Thanks again

1765
0 Kudos
seshuganesh
Staff
Staff
In response to segursystem

Created on ‎08-29-2023 02:39 AM

You can achieve this using the virtual server instead of port forwarding:

https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/713497/virtual-server

Here you can define one external IP and two real servers and configure load balancing as per your requirement

1696
0 Kudos
pminarik
Staff
Staff

Created on ‎08-24-2023 04:52 AM

You will need a load-balance type VIP, which isn't selectable from the GUI, so this needs to be configured in the CLI:

 

config firewall vip

    edit "wwewe"

        set type load-balance

        set extintf any

        set extip 195.55.255.150

        set mappedip 192.168.10.55-192.168.10.59

        set portforward enable
        set protocol udp

        set extport 2000

        set mappedport 2000

end

[ corrections always welcome ]
1758
segursystem
New Contributor
In response to pminarik

Created on ‎08-28-2023 11:30 PM

Hi pminarik

 

Thanks, I'll test it and give feedback

 

Regards

1708
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.