FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to access the natted server internally with the Public IP/Virtual IP.
Step 1: Configure VIP
Log in to the GUI and go to Policy & Objects > Objects > Virtual IPs > Create new, set the following parameters:
Name: Give any friendly name, for example: Virtual IP. Interface: “Any” External IP: “Public IP/Virtual IP of the Server”, for example: 126.96.36.199 (WAN1) Mapped IP: “Private IP/Internal IP of the Server”, for example: 192.168.1.10 Port Forwarding needs to be checked if the port is to be specified.
Step 2: Configure Policy
Incoming Interface : Wan1 Source Address : All Outgoing Interface : Internal Destination Address: Virtual IP Service: HTTP (Specify the service to be used to access the server).
If NAT is selected, the source address is changed to the internal interface address. Normally, you would not want to perform source NAT since this has the effect of hiding the actual source address of the sessions.
Step 3: Configure Policy Route
Router > Static > Policy route > Create new >
Incoming Interface: Internal (select the local LAN interface) Source Address: Specify the Local LAN Network Destination Address: Specify the VIP configured "LOCAL IP" Outgoing Interface: Internal (select the VIP server's local interface) No Gateway is Required
Move the created policy route to the top of existing policy route.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.