Skip to main content
m_skrobanek
m_skrobanek
New Member
September 16, 2013
Question

Portforwarding dynamic IP Adress

  • September 16, 2013
  • 3 replies
  • 9947 views
Hello, i try to forward the Port 443 in my fortigate. I would like to use OWA for my Exchange Server. We have no static IP Address and i would like to know it is possible to forward a external changing IP Address. In my config i set the parameters: External IP: 0.0.0.0 (i try it also with the actual ip address from the wan 1 interface) internal IP: 192.168.100.x (internal interface) external Port: 443 internal Port: 443 internal IP Adress: SBS2011 Server-Address I hope you can help me. Thanks a lot.

    3 replies

    Carl_Wallmark
    Carl_Wallmark
    New Member
    September 16, 2013
    Hi, It seems correct. Dont forget the firewall policy as well.
    m_skrobanek
    m_skrobanekAuthor
    New Member
    September 18, 2013
    Hi, thanks for your answer. The firewall policy is created. I used the predefined https service to forward port 443. Unfortunatly it doesnt work. I also try to forward to other IP' s in the network which have a https service. Such like printers etc. Always the same sh..
    rwpatterson
    rwpatterson
    New Member
    September 18, 2013
    Welcome to the forums. To forward a public IP address to an inside address in your network, you need to use Virtual IP addresses (VIPs). You define the VIP to map the outside address and port to the inside server address and port. You then use this as the destination in your policy. The FGT will proxy ARP any traffic bound to that socket and pass it through IF the policy matches. I have to add: The FGT will treat 0.0.0.0 as an address here, so it can be used as the source in the VIP definition.
    m_skrobanek
    m_skrobanekAuthor
    New Member
    October 1, 2013
    That' s it!!!! Thanks for your help. After many try i made it. And it is only a little thing which was changed in the new OS Versions. In the past the destination-adress could insert in this way you choose the Servername in the drop down menu which you give previously a IP address in the menu Firewall/Firewall Objects. NOW!!! you set the parameters for the VIP and after that you choose in the " policy options" in the field destination address (drop down menu) the name of the VIP or VIP-Group. Not the entry of the Firewall Object. ;)
    Terms & ConditionsAccessibility statement