+------+ WAN1 ****** +------+
| FG_A | <------ **INTERNET** | FG_B |
+------+ ------> ****** -------> +------+
# config firewall vip
edit "redirectWAN"
set extip [wan1_ip-address]
set extintf "wan1"
set portforward enable
set mappedip "[remote_public_IP]"
set extport [service_port]
set mappedport [service_port]
next
end
# config firewall policy3) Configure a policy route to force all traffic meant for that service to return to the Internet:
edit [policy_ID]
set srcintf "wan1"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "redirectWAN"
set action accept
set schedule "always"
set service "[service]"
set nat enable
next
end
# config router policy
edit 1
set input-device "wan1"
set src "0.0.0.0/0.0.0.0"
set dst "[wan1_ip-address]/255.255.255.255"
set protocol 6
set start-port [service_port]
set end-port [service_port]
set gateway [wan1_DG]
set output-device "wan1"
next
end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.