Created on 04-06-2023 09:36 PM Edited on 01-31-2024 05:20 AM By Jean-Philippe_P
Description | This article describes how to configure port forwarding in policy-based mode. |
Scope | FortiGate. |
Solution |
In policy-based mode, it is not necessary to put the VIP in the 'destination' field of a firewall policy. As long as the VIP is in place, FortiGate will perform port forwarding accordingly. In this example, it is configured to forward port 22 to 10.0.0.1.
To create a VIP object, go to Policy & Objects -> DNAT & Virtual IPs and select 'Create New'.
It is also necessary to make sure that there is an allowed policy under SSL Inspection & Authentication. Otherwise, the traffic will hit the implicit deny rule. In the example below, the ‘Default’ policy is allowing any to any.
Below is the debug flow output showing that the traffic is being NATed from 10.9.31.3 to 10.0.0.1 correctly. Policy-1 represents the ‘Default’ policy.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.