Marcelo_Clementeen
New Member
November 8, 2016
Question

Configure four IPs public same wan

Hi...
I have a problem sleeping. I tried everything and could not configure it.
Here at the company we have a dedicated link with 5 public IPs, with the gateway 200.222.166.1, coming out of the same E1, connected to port2 of the 200G FortiGate,
and port1 is connected to the switch.
I need to configure each of these IPs for a different server, on the same WAN (port2). Example: IP 200.222.166.10 for server 192.168.1.10, 200.222.166.11 for 192.168.1.11 ....
Can anyone help me? Thank you!

 

    1 reply

    Iescudero
    New Member
    November 8, 2016

    Hello!

    You have to create a Virtual IP and then apply it in a firewall policy for accessing those servers from the Internet.

     

    This is just an example through the CLI:

    1) Create the Virtual IP

    config firewall vip
        edit "SERVER1"
            set extip 200.222.166.10
            set extintf "port2"
            set mappedip "192.168.1.10"
        next
        edit "SERVER2"
            set extip 200.222.166.11
            set extintf "port2"
            set mappedip "192.168.1.11"
        next
        edit "SERVER3"
            set extip 200.222.166.12
            set extintf "port2"
            set mappedip "192.168.1.12"
        next
        edit "SERVER4"
            set extip 200.222.166.13
            set extintf "port2"
            set mappedip "192.168.1.13"
        next
        edit "SERVER5"
            set extip 200.222.166.14
            set extintf "port2"
            set mappedip "192.168.1.14"
        next
    end

     

     

     

    2) Then create a firewall policy (I think it is better to have one policy for each VIP)

    config firewall policy
        edit 1
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "SERVER1"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic disable
        next
        edit 2
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "SERVER2"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic disable
        next
        edit 3
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "SERVER3"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic disable
        next
        edit 4
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "SERVER4"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic disable
        next
        edit 5
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "SERVER5"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic disable
        next
    end

     

    Obviously, there's a serious risk when you put your servers on the Internet, so be careful and think everything twice.

     

    hope it helps!!
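
An added example, not part of the original reply and not Fortinet tooling: a small Python audit that reads a FortiOS configuration and lists accept policies whose destination is a VIP and that use `service "ALL"` or `logtraffic disable`, the two settings in the policies above that leave the published servers most exposed and least visible. The sample configuration, the function names and the tightened policy 2 are constructed for illustration.

```python
import shlex

SAMPLE = '''config firewall vip
    edit "SERVER1"
        set extip 200.222.166.10
        set mappedip "192.168.1.10"
    next
end
config firewall policy
    edit 1
        set dstaddr "SERVER1"
        set action accept
        set service "ALL"
        set logtraffic disable
    next
    edit 2
        set dstaddr "SERVER1"
        set action accept
        set service "HTTPS"
        set logtraffic all
    next
end
'''  # constructed sample; policy 2 is a hypothetical tightened variant

def parse_section(config, section):
    """Return {entry: {key: [values]}} for one flat 'config <section>' block."""
    entries, current, active = {}, None, False
    for words in map(shlex.split, config.splitlines()):
        if not words:
            continue
        if words[0] in ("config", "end"):
            active = words[0] == "config" and " ".join(words[1:]) == section
        elif active and words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif active and words[0] == "set":
            current[words[1]] = words[2:]
    return entries

def audit_vip_policies(config):
    """Flag accept policies that publish a VIP with all services or no logging."""
    vips = parse_section(config, "firewall vip")
    findings = []
    for pid, pol in parse_section(config, "firewall policy").items():
        if pol.get("action") != ["accept"] or not set(pol.get("dstaddr", [])) & set(vips):
            continue
        if "ALL" in pol.get("service", []):
            findings.append((pid, "service ALL"))
        if pol.get("logtraffic") == ["disable"]:
            findings.append((pid, "logtraffic disable"))
    return findings
```

Calling `audit_vip_policies()` on the text of a configuration backup returns `(policy id, finding)` pairs; the parser handles only flat `config`/`edit`/`set` blocks, not nested ones.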

     

     

    tanr
    New Member
    November 8, 2016

    You may want to set match-vip enable on those security policies.

    See https://forum.fortinet.com/tm.aspx?m=112129 for some discussion about it.