Firewall Virtual IP
Double NAT: combining IP pool with virtual IP
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
385
•
2
Select
Create New
.
3
Enter the following information and select
OK
.
To create a Virtual IP with port translation only
1
Go to
Firewall > Virtual IP > Virtual IP
.
2
Select
Create New
.
3
Enter the following information and select
OK
.
To create a firewall policy
Add an internal to dmz firewall policy that uses the virtual IP to translate the destination
port number and the IP pool to translate the source addresses.
1
Go to
Firewall > Policy
.
2
Select
Create New
.
3
Configure the firewall policy:
4
Select
NAT
.
5
Select
OK
.
Name
pool-1
Interface
DMZ
IP
Range/Subnet
10.1.3.1-10.1.3.254
Name
server-1
External
Interface
Internal
Type
Static NAT
External IP
Address/Range
172.16.1.1
Note this address is the same as the server address.
Mapped IP
Address/Range
172.16.1.1.
Port Forwarding
Enable
Protocol
TCP
External Service
Port
8080
Map to Port
80
Source Interface/Zone
internal
Source Address
10.1.1.0/24
Destination
Interface/Zone
dmz
Destination Address
server-1
Schedule
always
Service
HTTP
Action
ACCEPT
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...