# # Fortinet Firewall Virtual IP's
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Fortinet Firewall Virtual IP's

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© April 2007 Anthony Lawrence
2007/04/18

I found this a little confusing, so am documenting it here in case you run into the same problem.

The first task is to define a virtual IP. You give it a name, and its interface is "wan1" (or "wan2" of course). It's Static NAT, and unfortunately you apparently have to enter an actual IP. I have a DHCP assigned WAN, which will change whenever there is a power failure, so I had hoped to be able to use 0.0.0.0 (for any address), but that didn't work for me. The mapped IP is the internal address you want to go to. In my case, this was a machine in the DMZ, so my first thought was that a WAN1 to DMZ policy was all that would be needed but that's not the case: you need to specifically include the VIP name in the "Address Name".

In my case, the whole thing ended up looking like this:


config firewall vip
edit "Linuxvip"
set extip 72.74.91.107
set mappedip 10.10.10.2
set extintf "wan1"
next
end

...

config firewall policy

set srcintf "wan1"
set dstintf "dmz"
set srcaddr "all"
set dstaddr "Linuxvip"
set action accept
set schedule "always"
nameset service "SSH"
next


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Fortinet Firewall Virtual IP's


Inexpensive and informative Apple related e-books:

Take Control of IOS 11

Take Control of Numbers

Take Control of Upgrading to El Capitan

Take Control of Preview

El Capitan: A Take Control Crash Course





More Articles by © Anthony Lawrence





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





If you ask "Should we be in space?" you ask a nonsense question. We are in space. We will be in space. (Frank Herbert)




Linux posts

Troubleshooting posts


This post tagged:

Fortinet

Networking

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode