Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
callebalik
New Contributor

Redirect a HTTP request to internal IP

Hi,

hope this is the right subforum to post this question.

 

I would like to redirect a certain HTTP request to an internal IP/PORT. Is this possible?

Our company has a QNAP/NAS running a web server on which we want to use as a sort of intraweb. Instead of accessing the page via its IP i would like to make the address more user friendly.

 

Thanks in advance,

Calle 

6 REPLIES 6
kyozloveyou_FTNT

If you want to access your internal NAS, from public/internet.

you may refer to:

v5.0: https://www.youtube.com/watch?v=XnfmGnjJpF0

v.5.2: [link]https://www.youtube.com/watch?v=CHA_4Gc9kEA[/link]

 

With this you may be able to access the NAS using your current public ip.

 

 

Ooi Soon Guan
callebalik
New Contributor

Thanks, but I know how to port forward and do not intend to open any ports for external access.

Maybe my question was a bit unclear. Let me specify.

 

I would like to tell my Fortigate 60D to redirect any requests to a specific address coming from from within our network to the NAS which is also located in the INTERNAL network. Similar to edit a computers HOSTS-file to redirect traffic. In that way create a virtual domain/address that only exists in our internal network and can only be accessed from within the network. 

 

The alternative is to cook up an applescript (since we are a design studio...) that will modify each computers HOSTS-file but that seems a bit blunt to me. 

ashukla_FTNT
Staff
Staff

callebalik wrote:

 

I would like to redirect a certain HTTP request to an internal IP/PORT. Is this possible?

Our company has a QNAP/NAS running a web server on which we want to use as a sort of intraweb. Instead of accessing the page via its IP i would like to make the address more user friendly.

 

 

It depends to what ip the address (name) resolves to.

Do you have internal dns and does it resolves the name to private ip?

If that is the case only policy and route needs to be present in firewall.

 

If the name resolves to public address then you will require vip to do destination nat.

 

Post the details and I am pretty sure it is easy to achieve. 

ede_pfau
Esteemed Contributor III

I think the OP doesn't have an internal DNS, or not on the FGT.

Easiest way would be to create a DNS on the FGT, with forwarding what it cannot resolve. But...that's not possible on all models, the FG-20C, 30B, 40C lack this feature.

 

He might use the "DNS translation" feature but I am not sure if it will work if there is no DNS response.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Dave_Hall
Honored Contributor

Yesterday, I started to reply with a possible DDNS/DNS translation solution, but felt it a bit silly :-)....the QNAP should already be accessible internally. (e.g. click on Start->Run->browse->network and see if the device shows up .)  

 

If Carl's company is running AD, they should be able to create a local dns record for the QNAP. 

 

The DNS Translation works with any dns query that crosses over an Interface -- KB# FD34099 shows this...

 

 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

rwpatterson
Valued Contributor III

If you don't need the QNAP on the same interface, throw it on the DMZ (or another interface) and use a VIP.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com