hserna
New Member
February 5, 2009
Question

Port-Forwarding same ip different port

  • February 5, 2009
  • 8 replies
  • 8105 views
Hi, how can I redirect, for example, port 2525/TCP to port 25/TCP on the same IP? So the same IP will receive SMTP connections on port 25/TCP and 2525/TCP. Thanks.

    8 replies

    rwpatterson
    New Member
    February 5, 2009
    Welcome to the forums. When you create the VIP (virtual IP) definitions, check off the port forward option, and select the port to send over.
    hserna
    hsernaAuthor
    New Member
    February 5, 2009
    Thanks for your reply! Probably I wasn't clear enough. I have a mail server, which has a public IP (let's say 2.2.2.2), which is connected to the DMZ port (let's say 2.2.2.1). Those IP addresses are part of a subnet block (let's say 2.2.2.0/29), which is routed to the Fortinet. So I have access to the mail server from the Internet. I have a firewall policy (wan1 -> dmz) to allow connections to port 25/TCP for SMTP. And, obviously, it's working. But I want to receive SMTP connections on port 2525/TCP too (redirected to port 25/TCP), without making any adjustments on my mail server. So I can receive SMTP connections on both ports (transparently). I can do that with iptables on a Linux-based firewall, using a simple PREROUTING rule:
    iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 --dport 2525 -j DNAT --to-destination 2.2.2.2:25
    How can I do it with Fortinet?
    rwpatterson
    New Member
    February 5, 2009
    Create a VIP rule, put port 2525 on the outside and port 25 on the inside. Simple as that. Use SMTP as the service in the policy, and you're done.
    hserna
    hsernaAuthor
    New Member
    February 5, 2009
    I've tested it, and it doesn't work. If I put 2.2.2.2 as both the External IP and the Mapped IP, 2.2.2.2 doesn't respond to any connection, not even 25/TCP.
    rwpatterson
    New Member
    February 5, 2009
    The mapped IP has to be the server, and its port needs to be 25. 2.2.2.2 is the public IP. You need to map to the private IP address for this to function.
    hserna
    hsernaAuthor
    New Member
    February 5, 2009
    OK, so it has to be a private address to work? Because my mail server has 2.2.2.2 (public); as I told you, I have the subnet block 2.2.2.0/29 routed to the Fortinet. So the whole block is in the DMZ.
    red_adair
    New Member
    February 5, 2009
    @hserna: stupid Q: did you put a policy in place ext:all -> dmz:VIP / allow (the DST-Addr in the policy would be the VIP you have created)? -R.
    hserna
    hsernaAuthor
    New Member
    February 5, 2009
    Of course! Don't get me wrong, but I have about 4 years of experience with Fortinet. I've tried it in so many ways, but none has ever worked. But yesterday I needed it again, so I gave it a try asking in the forum. Has anyone ever tried it? There are several cases:
    1. Same public IP (already assigned and routed in the DMZ), different ports: 2.2.2.2:2525 redirected to 2.2.2.2:25
    2. Different public IPs (already assigned and routed in the DMZ), same port: 2.2.2.2:25 redirected to 2.2.2.3:25
    3. Same mapped IP (public <-> private, using VIP), different ports: 2.2.2.2:2525 redirected to 192.168.1.2:25, where 2.2.2.2 is already a VIP (static NAT) of 192.168.1.2
    4. Different mapped IPs (public <-> private, using VIP), same port: 2.2.2.2:25 redirected to 192.168.1.3:25, where 2.2.2.2 is already a VIP (static NAT) of 192.168.1.2 and 2.2.2.3 is already a VIP (static NAT) of 192.168.1.3
    I've never made these 4 cases work. But, as I said earlier, I can make it work with iptables (Linux). So I think there has to be a way of doing it. I really appreciate your time and patience.
    rwpatterson
    New Member
    February 5, 2009
    I just tried #3 on my 1000A with my mail server, and it seemed to have worked. I don't have another mail server to configure to that port to test the traffic, but I didn't get any errors making the rules.
    hserna
    hsernaAuthor
    New Member
    February 5, 2009
    When I create the port forwarding in case #3, it says "A duplicate already exists". Note: there's already a VIP (static NAT) 2.2.2.2 -> 192.168.1.2. So, for case #3, we have to create an additional rule (port forwarding): 2.2.2.2:2525 -> 192.168.1.2:25
    rwpatterson
    New Member
    February 5, 2009
    Once you have a static NAT defined, you cannot port forward from that source. All ports go. Change the first to a port forward, then add the second from port 2525.
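    The configuration rwpatterson describes for case #3, written out as FortiOS CLI. This is an added example, not something posted in the thread and not Fortinet's own documentation. The VIP names ("vip-mail-static", "vip-mail-25", "vip-mail-2525"), the group name "vipgrp-mail", the interface names wan1 and dmz, and the 2.2.2.2 -> 192.168.1.2 mapping are assumptions taken from the thread's examples. The reason the port-forward entry was rejected as a duplicate is the one rwpatterson gives: a static (1:1) NAT VIP claims every port of 2.2.2.2, so the fix is to replace it with two port-forward VIPs, one for 25 -> 25 and one for 2525 -> 25, which also means the VIP itself only forwards the two ports you actually want reachable.

```text
# Added example, not from the thread: FortiOS CLI for hserna's case #3.
# Assumed names: vip-mail-static (the existing 1:1 VIP), vip-mail-25,
# vip-mail-2525, vipgrp-mail; interfaces wan1 (outside) and dmz (inside).

# 1. Remove the existing static (1:1) NAT VIP. It owns all ports of 2.2.2.2,
#    which is what produces "A duplicate already exists" for 2.2.2.2:2525.
config firewall vip
    delete "vip-mail-static"
end

# 2. Recreate it as two port-forward VIPs, both mapped to the server's port 25.
config firewall vip
    edit "vip-mail-25"
        set extip 2.2.2.2
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 25
        set mappedip 192.168.1.2
        set mappedport 25
    next
    edit "vip-mail-2525"
        set extip 2.2.2.2
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 2525
        set mappedip 192.168.1.2
        set mappedport 25
    next
end

# 3. Group the two VIPs so a single policy can reference them.
config firewall vipgrp
    edit "vipgrp-mail"
        set interface "wan1"
        set member "vip-mail-25" "vip-mail-2525"
    next
end

# 4. One inbound policy wan1 -> dmz with the VIP group as destination.
#    Source NAT stays disabled so the mail server logs real client addresses.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "vipgrp-mail"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat disable
    next
end
```

    The policy uses SMTP as its service, following rwpatterson's earlier advice; that assumes the policy lookup sees the post-DNAT destination port (25). If a connection to 2525 is dropped despite the VIP being correct, `diagnose debug flow filter port 2525`, `diagnose debug flow trace start 10` and `diagnose debug enable` will show which policy (if any) the session matched and on which port, which tells you whether the service object needs to cover 2525 instead. Cases #1 and #2 from the thread, where the public block is routed straight into the DMZ and no private mapped address exists, are not covered here; the thread does not resolve them.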
    manzil_hasan
    New Member
    March 5, 2024