

To forward a port (e.g. 443), or a range of consecutive ports (e.g. 8080-8099), that are of the same single protocol type (e.g. TCP or UDP, but not both) to an internal server, set up a Virtual IP with Port Forwarding enabled for that port (or range of ports) and protocol, then use that VIP as the destination in a WAN to LAN IPv4 policy.

Say you want to forward traffic to public WAN address 1.1.1.1 to your internal server at 192.168.14.1. The object you need to create is called "Virtual address" or VIP in FortiOS.

To bring a VIP into effect, you use it in an inbound policy:

Source address: all (you don't know in advance)

The trivial VIP shown above can of course be tested by pinging your WAN address. And while you do that, you notice why you might need port forwarding. SSL-VPN or IPsec VPN towards your FGT will send traffic to your WAN address as well - which will be forwarded completely to your internal server if you don't port-forward.

When you plan to allow several services into your LAN/DMZ, you make the VIP a port-forwarding VIP. The port specified should match the (custom) service you specify in the policy.

One caveat: you cannot test a port-forwarding VIP with ping, as ping is neither TCP nor UDP and doesn't use ports.
