yvan_rossier
New Member
June 23, 2017
Solved

Multi Wan Address

Hello,

I forget about the FortiGate 60D (FortiOS 5.6) and I cannot configure several external IP addresses (on the same WAN interface). The fault WAN is configured with an external address (46.20.145.200). I have 4 other external IP addresses that I would like to use to NAT on different internal servers, for example:

46.20.145.202 - 192.168.1.201 (Special Port 23587)
46.20.145.203 - 192.168.1.202 (https)
46.20.145.204 - 192.168.1.203 (https)
etc ...

Idea?

Thanks
    Best answer by ede_pfau

    You can have only 1 non-portforwarding VIP for one external address but multiple if you port-forward.

    If you create multiple VIPs to reach multiple internal servers or one server via multiple services then you may create a VIP group and use this as the 'destination address' in the policy. It's a bit cleaner.


    ede_pfau
    SuperUser
    June 23, 2017

    Hi, and welcome to the forums!

    You can easily use the other public addresses by creating one VIP per address on the 'wan' interface. Now, create a policy with source IF 'wan', destination IF 'myVIP', addresses and the rest to your liking. The FGT will react on behalf of the internal host, that is, act as an ARP proxy. From external hosts, a VIP on the FGT will exactly look like a 'real' host.


    I would recommend not to use a port-forwarding VIP if you don't have to. A 'full' VIP will only exchange the destination address in each packet to the 'mapped' address; ports are unchanged. So, ping (portless protocol) will work as well, for testing.

    If you want to narrow the port down then create a custom service and use that in the policy.

    yvan_rossier
    New Member
    June 23, 2017

    Thank you for this info, but I learn :) Do you have a more detailed procedure?

    ede_pfau
    SuperUser
    June 26, 2017

    Hi,

    It won't get more detailed... it's too simple for that. Just follow what I've written in the first paragraph and create a VIP. Then create a policy from WAN to LAN and use that VIP as the 'destination address'. That's all.
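
The steps from the answers above, written out as FortiOS CLI for the addresses in the question: one full VIP per external address, a custom service to narrow the port, a VIP group, and WAN-to-LAN policies. This is an added example, not part of any post in the thread. The interface names `wan1` and `internal` and all object names are assumptions; substitute the names used on the device.

```fortios
# Added example, not from the thread. Assumed names: wan1, internal, vip-*, tcp-23587, grp-https.
config firewall vip
    edit "vip-201"
        set extintf "wan1"
        set extip 46.20.145.202
        set mappedip "192.168.1.201"
    next
    edit "vip-202"
        set extintf "wan1"
        set extip 46.20.145.203
        set mappedip "192.168.1.202"
    next
    edit "vip-203"
        set extintf "wan1"
        set extip 46.20.145.204
        set mappedip "192.168.1.203"
    next
end
# Custom service: the full VIP leaves ports unchanged, so the policy narrows the port.
config firewall service custom
    edit "tcp-23587"
        set tcp-portrange 23587
    next
end
config firewall vipgrp
    edit "grp-https"
        set interface "wan1"
        set member "vip-202" "vip-203"
    next
end
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-201"
        set action accept
        set schedule "always"
        set service "tcp-23587"
    next
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "grp-https"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

Because the full VIPs translate only the destination address, the `service` field in each policy is what limits which ports are reachable from the WAN side.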