Fortinet Forum
mhrth
New Contributor III

Fortigate VIP with and without port forwarding

Hi. I have a question for the community. What is the difference between creating a VIP (NATting) with port forwarding and without port forwarding? If I VIP all services without port forwarding, does that mean all services are exposed to the internet? I hope someone can give a clear explanation of this, as I am quite confused about this matter. Thank you in advance!

2 Solutions
Toshi_Esumi
Esteemed Contributor II

The simple answer is that without specific port forwarding it's called host mapping, because everything destined to the external IP will be forwarded to one local/internal IP/host.
With port forwarding, you can forward different ports to different hosts, like HTTP/HTTPS going to host-A, RDP going to host-B, and so on.

 

Toshi


ede_pfau
Esteemed Contributor III

One more difference is that a host-forwarding VIP will work even for port-less protocols, like ICMP.

Not all protocols are created equal.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

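Added example, not part of the original posts: the two VIP types described in the answers above, written as FortiOS CLI configuration. All addresses, interface names and object names are constructed placeholders. The policy at the end shows the general FortiOS behaviour (not stated in the thread) that inbound traffic to a VIP is accepted only through a firewall policy that lists the VIP as destination, and that the policy's service list bounds what is accepted.

```fortios
# Constructed example: IPs, interfaces and object names are placeholders.
config firewall vip
    # Host mapping (no port forwarding): every protocol and port sent to
    # 203.0.113.10 is translated to 10.0.0.10, including port-less ICMP.
    edit "vip-hostA-static"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "10.0.0.10"
    next
    # Port forwarding: only TCP/443 on 203.0.113.11 is translated, to host A.
    edit "vip-hostA-https"
        set extintf "wan1"
        set extip 203.0.113.11
        set mappedip "10.0.0.10"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
    # Same external IP, different port, different internal host (host B).
    edit "vip-hostB-rdp"
        set extintf "wan1"
        set extip 203.0.113.11
        set mappedip "10.0.0.20"
        set portforward enable
        set protocol tcp
        set extport 3389
        set mappedport 3389
    next
end
config firewall policy
    # Inbound traffic to a VIP is accepted only by a policy that names the
    # VIP in dstaddr. "service" limits what passes, so this host-mapping VIP
    # admits only HTTPS and ping; setting service "ALL" would expose the host.
    edit 0
        set name "in-hostA-static"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-hostA-static"
        set action accept
        set schedule "always"
        set service "HTTPS" "PING"
    next
end
```

The port-forwarding VIPs need their own policy in the same way; for the RDP mapping, a restricted source address object in `srcaddr` is preferable to "all".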
