Double NAT: combining IP pool with virtual IP
Firewall Virtual IP
FortiGate Version 4.0 Administration Guide
384
01-400-89802-20090424
Figure 236: New Dynamic IP Pool
Double NAT: combining IP pool with virtual IP
When creating a firewall policy, you can use both IP pool and virtual IP for double IP
and/or port translation.
For example, in the following network topology:
•
Users in the 10.1.1.0/24 subnet use port 8080 to access server 172.16.1.1.
•
The server’s listening port is 80.
•
Fixed ports must be used.
Figure 237: Double NAT
To allow the local users to access the server, you can use fixed port and IP pool to allow
more than one user connection while using virtual IP to translate the destination port from
8080 to 80.
To create an IP pool
1
Go to
Firewall > Virtual IP > IP Pool
.
Name
Enter the name of the IP pool.
Interface
Select the interface to which to add an IP pool.
IP Range/Subnet
Enter the IP address range for the IP pool. The IP range defines the start and
end of an address range. The start of the range must be lower than the end of
the range. The start and end of the IP range does not have to be on the same
subnet as the IP address of the interface to which you are adding the IP pool.
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...