FortiGate
msanjaypadma
Staff
Article Id 199427
Description This article describes how to use a virtual IP with services enabled.
Scope  
Solution

This example has one public external IP address that is mapped to an internal IP address, with the Services option enabled in the VIP configuration.

Configuration

VIP Object configuration.

 

1) Go to Policy & Objects -> Virtual IPs and select 'Create New' -> Virtual IP.

 

2) Set VIP Type to IPv4.

 

3) Enter a unique name for the virtual IP and fill in the other fields.

 

4) Configure the fields in the Network section. For example:

  • Set Interface to any.
  • Set External IP Address/Range to 10.5.59.66.
  • Set Mapped IP Address/Range to 172.31.139.62.

5) Enable Optional Filters and then enable Services.

 

6) In the Services field select '+' to display the Services pane.

 

7) In the Services pane select HTTPS and DNS.


 

8) Select 'OK'.

 

9) Apply the above virtual IP to the firewall policy.

 

To create a virtual IP with services from the CLI:

 

       # config firewall vip
              edit "InternalServer"
                     set service "HTTPS" "DNS"
                     set extip 10.5.59.66
                     set mappedip "172.31.139.62"
                     set extintf "any"
              next
       end

 

 

Policy configuration.

 

1) Go to Policy & Objects -> Firewall Policy and select 'Create New'.

 

 

To create a policy that uses the virtual IP with services from the CLI:

 

       # config firewall policy
              edit 1
                     set name "Outside to Internal Server"
                     set uuid 14cdedbe-4ce6-51ec-e4eb-aeeee9d26f89
                     set srcintf "Test"
                     set dstintf "port2"
                     set srcaddr "all"
                     set dstaddr "InternalServer"
                     set action accept
                     set schedule "always"
                     set service "ALL"
              next
       end

 

The results are:

 

1) Access to 10.5.59.66:443 from the external network is mapped by FortiGate to 172.31.139.62:443 in the internal network.

 

2) Access to 10.5.59.66:53 from the external network is mapped by FortiGate to 172.31.139.62:53 in the internal network.
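
The policy above uses service "ALL", so the VIP's service filter is the only thing limiting which ports reach the internal server. As an added example (not part of the original article or of any Fortinet tooling), this Python audit parses CLI output in the format shown above and lists accept policies with service "ALL" whose destination VIP has no restriction. The "OpenServer" VIP, its addresses and policy 2 are constructed for contrast, and the check assumes that a VIP with neither `set service` nor port forwarding forwards every port.

```python
import shlex
# Constructed sample in the article's CLI format; "OpenServer" and policy 2 are hypothetical.
SAMPLE_CONFIG = """
config firewall vip
    edit "InternalServer"
        set service "HTTPS" "DNS"
        set extip 10.5.59.66
        set mappedip "172.31.139.62"
    next
    edit "OpenServer"
        set extip 10.5.59.67
        set mappedip "172.31.139.63"
    next
end
config firewall policy
    edit 1
        set dstaddr "InternalServer"
        set action accept
        set service "ALL"
    next
    edit 2
        set dstaddr "OpenServer"
        set action accept
        set service "ALL"
    next
end
"""

def parse_section(text, section):
    """Return {entry: {option: [values]}} for a flat 'config <section>' block."""
    entries, current, active = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw.strip().lstrip("#"))  # tolerate a leading '#' prompt
        if tok[:1] == ["config"]:
            active = " ".join(tok[1:]) == section
        elif active and tok[:1] == ["edit"]:
            current = entries.setdefault(tok[1], {})
        elif active and tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def audit(text):
    """Assumption: a VIP with no 'set service' and no port forwarding passes every port."""
    open_vips = {n for n, v in parse_section(text, "firewall vip").items()
                 if not v.get("service") and v.get("portforward") != ["enable"]}
    return [(pid, dst)
            for pid, pol in parse_section(text, "firewall policy").items()
            if pol.get("action") == ["accept"] and "ALL" in pol.get("service", [])
            for dst in pol.get("dstaddr", []) if dst in open_vips]
```

On the sample, `audit(SAMPLE_CONFIG)` reports only policy 2, because the "InternalServer" VIP carries the HTTPS and DNS service filter.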