Fortinet Firewall Virtual IP's 2007/04/18
I found this a little confusing, so am documenting it here in case you run into the same problem.
The first task is to define a virtual IP. You give it a name, and its interface is "wan1" (or "wan2" of course). It's Static NAT, and unfortunately you apparently have to enter an actual IP. I have a DHCP assigned WAN, which will change whenever there is a power failure, so I had hoped to be able to use 0.0.0.0 (for any address), but that didn't work for me. The mapped IP is the internal address you want to go to. In my case, this was a machine in the DMZ, so my first thought was that a WAN1 to DMZ policy was all that would be needed but that's not the case: you need to specifically include the VIP name in the "Address Name".
In my case, the whole thing ended up looking like this:
config firewall vip
edit "Linuxvip"
set extip 72.74.91.107
set mappedip 10.10.10.2
set extintf "wan1"
next
end
...
config firewall policy
set srcintf "wan1"
set dstintf "dmz"
set srcaddr "all"
set dstaddr "Linuxvip"
set action accept
set schedule "always"
nameset service "SSH"
next
Got something to add? Send me email.
(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version
-> -> Fortinet Firewall Virtual IP's
Increase ad revenue 50-250% with Ezoic
Inexpensive and informative Apple related e-books:
Take Control of Apple Mail, Third Edition
iOS 8: A Take Control Crash Course
Take control of Apple TV, Second Edition
Take Control of Preview
Are Your Bits Flipped?
More Articles by Anthony Lawrence
Find me on Google+
© 2009-11-07 Anthony Lawrence
Printer Friendly Version
Fortinet Firewall Virtual IP's Copyright © April 2007 Tony Lawrence
Have you tried Searching this site?
Support RatesThis is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.
Contact us
Printer Friendly Version