Configuring virtual IPs
Firewall Virtual IP
FortiGate Version 4.0 Administration Guide
372
01-400-89802-20090424
4
Select
OK
.
The virtual IP appears in the virtual IP list.
5
To implement the virtual IP, select the virtual IP in a firewall policy.
For example, to add a firewall policy that maps public network addresses to a private
network, you might add an external to internal firewall policy and select the Source
Interface/Zone to which a virtual IP is bound, then select the virtual IP in the
Destination Address field of the policy. For details, see
“Configuring firewall policies” on
.
Adding a static NAT virtual IP for a single IP address
The IP address 192.168.37.4 on the Internet is mapped to 10.10.10.42 on a private
network. Attempts to communicate with 192.168.37.4 from the Internet are translated and
sent to 10.10.10.42 by the FortiGate unit. The computers on the Internet are unaware of
this translation and see a single computer at 192.168.37.4 rather than a FortiGate unit
with a private network behind it.
Figure 226: Static NAT virtual IP for a single IP address example
To add a static NAT virtual IP for a single IP address
1
Go to
Firewall > Virtual IP > Virtual IP
.
2
Select
Create New
.
3
Use the following procedure to add a virtual IP that allows users on the Internet to
connect to a web server on the DMZ network. In our example, the wan1 interface of the
FortiGate unit is connected to the Internet and the dmz1 interface is connected to the
DMZ network.
Figure 227: Virtual IP options: static NAT virtual IP for a single IP address
Name
static_NAT
External Interface
wan1
Type
Static NAT
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...