Skip to main content
Antti
Antti
New Member
January 9, 2019
Question

Port forwarding from IP-range to single IP

  • January 9, 2019
  • 2 replies
  • 14876 views

Hi,

 

I'm quite new to the world of FortiGate.

 

I need to forward traffic from IP-range to specific ports of certain device.

(Everything from IP 123.123.123.XXX --> 192.192.192.123 TCP 111, 222 and UDP 111, 222)

 

What is the best way to do this? At the first glance with the VIPs I would be have to make four digit number of rules.

The firewall in use is FortiGate 60E

 

-Antti

 

 

    2 replies

    anasalomari
    anasalomari
    New Member
    January 9, 2019

    Hello,

     

    You need to create 2 VIP objects one for each port .

    then create VIP group, after that add these objects to that group.

    finaly, apply policy to the VIP group.

     

    Anas

     

    GusTech
    GusTech
    New Member
    January 9, 2019

    You solve this with virtual IP. Yes, i would be nice to attach more ports at the same vip rule. Now you need one for each if its not in same range. But, you can group them in one vip group.

     

    Antti
    AnttiAuthor
    New Member
    January 9, 2019

    Thank you for the answers.

     

    My problem here is that the incoming connection isn't an specific ip, but IP range 123.123.123.0-123.123.123.255. And all of them should point to single IP. If I set the external IP to range xxx.xxx.xxx.0-xxx.xxx.xxx.255 the mapped IP must be .0 - .255 also. But I need it to point single IP. Is this sovled using source address filter or something similar?

    Terms & ConditionsAccessibility statement