Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Access to an app from outside
Hello guys,
I am new to fortinet, and a junior IT
I need help with something please.
I have an app on a server and I need people access to it from outside. I have no idea how to do it.
When I test it internal, it works.
Thank you for your help
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Myrella,
and welcome to the forums.
You can access internal hosts (or only certain ports on it) from outside via ' Virtual IP' . This a a firewall object that translates and externally used IP address into an internal one (so, it does Destination NAT).
Follow these steps:
1. Create a VIP
ext address: (your FGT' s public IP)
ext port: <port number used by your app>
mapped to addr: <internal IP of server>
mapped to port: <same port number as above>
port forwarding: enable
2. Create an incoming policy to make the VIP work
src interface: wan1
src addr: 0.0.0.0/0
dest int: internal
dest addr: your_new_VIP
service: <corresponding to mapped port>
action: accept
Please note that you cannot test server access with ' ping' if using port forwarding.
You could as well NOT use port forwarding if you have more than one public IP address.
Please try this and let us know how it worked.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much ede_pfau
Yes it works :)

So grateful.
On more question. How can I make it a name like myapps.com what is better than a IP address
Thank you again



Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is the best document to explain how to implement FortiDDNS
http://docs-legacy.fortinet.com/cb/recipes/associating-a-domain-name-with-an-interface-that-has-a-dynamic-IP.pdf
That will be me then!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IP address and name (FQDN) are connected via DNS. DNS are run by ISPs.
So, if your public IP address is static (does not change over time) then your ISP should be able to make a DNS entry for you.
If your public IP address is dynamic (i.e. is assigned to you randomly and changeing every 24 hours or so) then you can use " Dynamic DNS" to associate a name with this address.
From FortiOS v5 on Fortinet offers a DDNS service for free - that is, as long as you have a paid support contract. Nothing is for free.
There are many other service providers on the Net that offer DDNS services for a small fee. One of the best known is dyndns.org (dyn.com).
You configure your FQDN (fully qualified domain name, like ' myservice.dyndns.org' ) and your account information in the FGT config. Please see the document cited by Jonathan for details. You can use FortiDDNS or any other provider, as you like.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good evening Ede,
Didn' t try it yet, but I will.
Thank you very much for everything
Myrella
