(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Kerio and Fortigate Reseller
Printer Friendly Version

Fortinet Firewall Virtual IP's


2007/04/18

I found this a little confusing, so am documenting it here in case you run into the same problem.

The first task is to define a virtual IP. You give it a name, and its interface is "wan1" (or "wan2" of course). It's Static NAT, and unfortunately you apparently have to enter an actual IP. I have a DHCP assigned WAN, which will change whenever there is a power failure, so I had hoped to be able to use 0.0.0.0 (for any address), but that didn't work for me. The mapped IP is the internal address you want to go to. In my case, this was a machine in the DMZ, so my first thought was that a WAN1 to DMZ policy was all that would be needed but that's not the case: you need to specifically include the VIP name in the "Address Name".


Hate these ads?

In my case, the whole thing ended up looking like this:


config firewall vip
edit "Linuxvip"
set extip 72.74.91.107
set mappedip 10.10.10.2
set extintf "wan1"
next
end

...

config firewall policy

set srcintf "wan1"
set dstintf "dmz"
set srcaddr "all"
set dstaddr "Linuxvip"
set action accept
set schedule "always"
nameset service "SSH"
next


Technorati tags:    

Comments /Fortinet/vip.html


Add your comments

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Or use any RSS reader

Delivered by FeedBurner


M3IP inc.
Views for this page
Today This Week This Month This Year  Overall
715110860 8,030

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

pavatar.jpg
More:
       - Security
       - Networking
       - Fortinet




Unix/Linux Consultants


UBB Computer Services Support for Openserver, Unixware and Linux. Windows integration with Unix/Linux servers. Hardware, Backup and Networking issues. Located near Sacramento CA, we provide onsite support throughout Northern CA and Nationwide via remote access. We are a SCO Authorized Partner and a Microlite BackupEdge Certified Reseller.


http://bcstechnology.net Full service Linux & UNIX systems integrator; Windows to UNIX/Linux Client-Server Specialist; Secure E-Mail & Website Hosting; Thoroughbred Software Developer; Custom Industrial Automation; Hardware & Electronics Experts; In Business Since 1985.


http://www.breakthru.com.au SCO (Openserver and Unixware), Unix, Solaris and Linux Consulting services including: Secure Networking Solutions; Linux based Firewalls; Backup Solutions; Secure Home to Office Network Setup; Phone, Remote and On-Site Support available - Satisfaction Guaranteed!


Your ad here - $24.00 yearly!
Twitter
  • May 12 16:04
    Hmmm.. think I'm doing something at the gym that is hurting my neck.. not sure what.. I'll have to eliminate something for a few days to see
  • May 12 05:02
    It's not good to sound annoyed with customers:






Coming Attractions

My Favorites

Change Congress

Related Posts