Rob_Drummond
New Member
February 7, 2013
Question

How to create Port forwarding policy based on FQDN

Hi. I have recently purchased a Fortigate WiFi 60C. I am very impressed with the unit and I understand that it should be able to do what I want to do. I am wondering if someone could help me with my configuration. I have 1 static public IP address and a requirement to do port forwarding based on the "incoming" FQDN. I have internal servers/services that use the same port (443), and since I only have 1 IP address I need to direct the incoming request based on FQDN. I am currently able to do this with Microsoft Forefront TMG, but I'd like to move this over to my Fortigate. Any assistance on this would be most appreciated. Thanks, Rob

    1 reply

    stephen_ren_FTNT
    Staff
    March 19, 2013
    Hi, you can register the domain name on the DNS server on the internet, then configure a VIP on the FortiGate, mapping the public IP to your internal server IP address with port forwarding (for example, port 80 forwarded to port 443). A config example:

    config firewall vip
        edit "vip-test"
            set arp-reply disable
            set extip x.x.x.x (public ip)
            set extintf "port1"
            set portforward enable
            set mappedip y.y.y.y (internal ip)
            set extport 80
            set mappedport 443
        next
    end
    config firewall policy
        edit 3
            set srcintf "port1"
            set dstintf "port2"
            set srcaddr "any"
            set dstaddr "vip-test"
            set action accept
            set schedule "always"
            set service "ANY"
            set nat enable
        next
    end