jo_rang
Staff
May 27, 2026

Technical Tip: Configure hairpin NAT with Virtual Server


Description

This article describes how to set up a hairpin NAT to allow clients located behind the same interface as the real servers to access services using the virtual IP address.



Scope

FortiOS v7.4+.

Solution

This article assumes that the virtual server is already configured and is accessible from external interfaces such as the WAN. In this example, the virtual server is configured as follows:

config firewall vip
    edit "VirtualServer"
        set type server-load-balance
        set server-type tcp
        set extip 100.64.100.100
        set extintf "wan1"
        set monitor "Ping-Monitor"
        set ldb-method round-robin
        set extport 8080
        config realservers
            edit 1
                set ip 192.168.10.2
                set port 80
            next
            edit 2
                set ip 192.168.10.3
                set port 80
            next
        end
    next
end


For information on how to configure a virtual server, refer to the following article: Technical Tip: Configure a virtual server.

 
If the client machine with IP 192.168.10.100 needs to connect to the virtual server using the external IP address 100.64.100.100, the following changes need to be applied.


Step 1: Change the external interface in the VIP to 'any'.

config firewall vip
    edit "VirtualServer"
        set extintf "any"
    next
end


This is required to allow the object to be referenced in the next step.


Step 2: Configure a Firewall policy in proxy mode and set the destination to be the Virtual server object.

 

config firewall policy
    edit 29
        set name "Test Virtual Server"
        set uuid 3260d4f2-4e46-51f1-849a-ab15ca94a9f0
        set srcintf "port1"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "VirtualServer" <----- Reference the Virtual server object (VIP).
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy  <----- This is mandatory.
        set logtraffic all
        set nat enable
    next
end
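
The check below is an added example, not part of the original article or any Fortinet tool: it parses the output of `show firewall vip` and `show firewall policy` and reports which of the two steps above is still missing. The function names, the finding strings and the abridged sample are constructed for illustration; it assumes plain CLI output without the `<-----` annotations used in the listings above.

```python
import shlex

# Constructed sample: the article's VIP and policy after steps 1 and 2, abridged.
SAMPLE = """\
config firewall vip
    edit "VirtualServer"
        set extintf "any"
    next
end
config firewall policy
    edit 29
        set srcintf "port1"
        set dstintf "port1"
        set dstaddr "VirtualServer"
        set inspection-mode proxy
    next
end
"""

def parse_tables(text):
    """Return {table: {entry: {key: [values]}}}; nested config blocks are skipped."""
    tables, stack, entry = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and line.startswith("edit "):
            entry = tables.setdefault(stack[0], {}).setdefault(shlex.split(line)[1], {})
        elif len(stack) == 1 and entry is not None and line.startswith("set "):
            _, key, *values = shlex.split(line)
            entry[key] = values
    return tables

def hairpin_findings(text, vip_name, iface):
    """List unmet requirements; a missing inspection-mode line counts as not proxy."""
    tables = parse_tables(text)
    vip = tables.get("firewall vip", {}).get(vip_name)
    if vip is None:
        return [f"VIP {vip_name} not found"]
    findings = [] if vip.get("extintf") == ["any"] else ["step 1: VIP extintf is not 'any'"]
    policies = [p for p in tables.get("firewall policy", {}).values()
                if p.get("srcintf") == [iface] and p.get("dstintf") == [iface]
                and vip_name in p.get("dstaddr", [])]
    if not policies:
        findings.append("step 2: no same-interface policy has the VIP as dstaddr")
    findings += ["step 2: policy is not in proxy inspection mode"
                 for p in policies if p.get("inspection-mode") != ["proxy"]]
    return findings
```

Calling `hairpin_findings(SAMPLE, "VirtualServer", "port1")` returns an empty list when both steps are in place.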

 
