Fortimanager Central DNAT VIP Policy Load balance

Forum|Forum|3 years ago
June 21, 2022
2 replies
1950 views

Good day,

What is the difference, when creating a Central DNAT VIP policy in Fortimanager, between "Static NAT" type and "Load balance" type?

The documentation is a bit sparse...

Thanks.

Fortimanager

markwarner

Staff

This is more about FortiGate configuration than FortiManager, here's some relevant documentation for you:

https://docs.fortinet.com/document/fortigate/7.0.6/administration-guide/157796/vip-groups

https://community.fortinet.com/t5/FortiGate/Technical-Tip-VIP-creation-with-same-external-IP-and-mapped-IP/ta-p/190588

"The difference between static-nat and load-balance is that load-balance is used to balance the traffic between different Servers behind a FortiGate.

But if only one-to-one DNAT mapping is used, it will work the same way."

jgrimm77Author

New Member

Hi Mark,

Thanks for the response.

I've had no issue distinguishing between the two and working with them on FortiGate but it seems to be different in FortiManager. I see no way of implementing Virtual Servers on FortiManager. The "load balance" option does not expose any functionality for multiple "inside" servers.

markwarner

Staff

It might be worth opening a TAC ticket for this.
I checked 6.4.7 and 7.0.4 VM's, Load Balance type didn't show up in 6.4 GUI but can be defined by installing a script to the ADOM DB. It looks like this was added in 7.0.

I only see options for configuring a single external IP/range but this applies to both FMG and FGT GUI.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded