Hi !
I have a Fortigate 90d model, and i have to open ports like 6080, 1433 and 1434. I wish that those ports to be open only to a single internal IP address
What should I do for make this simple task ?
Non-port forwarding VIPs and port-forwarding VIPs to the same destination address are mutually exclusive!
Think of a non-port forwarding VIP as forwarding ALL ports, including the single port you already have defined in a port-forwarding VIP. Imagine traffic arriving for that destination port - which VIP should then respond?
This is ambiguous and as such not allowed.
@George:
just define one VIP for each port you want to expose to the public interface (I'm assuming that is what you meant). To facilitate the policy, group those VIPs into a VIP group and use that as the destination address in the policy.
Pretty straight forward and easy.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
