Fortigate VIP with and without port forwarding

Forum|Forum|4 years ago
March 26, 2022
2 replies
4867 views

Hi. I have a question to the community. What is the difference in creating VIP (NATting) with port forwarding and without port forwarding? If i VIP all service without port forwarding does that mean all services are exposed to the internet? Hope someone can have a clear explanation on this as I am quite confused about this matter. Thank you in advance!

FortiGate

Best answer by ede_pfau

One more difference is that a host-forwarding VIP will work even for port-less protocols. Like ICMP.

Not all protocols are created equal.

Toshi_Esumi

SuperUser

Simple answer is without specific port forwarding it's called host mapping because everything destined to the external IP will be forwarded to one local/internal IP/host.
With port forwarding, you can forward different port to different host, like HTTP/HTTPS go to host-A, and RDP goes to host-B, and so on.

Toshi

ede_pfauAnswer

SuperUser

One more difference is that a host-forwarding VIP will work even for port-less protocols. Like ICMP.

Not all protocols are created equal.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded