VIP
 # Virtual IP: maps the external address 11.22.33.44 on port2 to the DMZ host 192.168.7.84.
 # NOTE(review): no "set portforward enable" is shown, so this is presumably a one-to-one
 # mapping of every port. What is reachable then depends entirely on the service list of
 # each policy that uses this VIP (policy 56 below allows DNS only). Enabling portforward
 # with extport/mappedport 53 would keep a later, broader policy from exposing more - confirm.
 # NOTE(review): the leading space inside the quoted names looks like a forum rendering
 # artifact - check against the running config before pasting.
 config firewall vip
     edit " VIP_DMZ_dns" 
         set extip 11.22.33.44
         set extintf " port2" 
         set mappedip 192.168.7.84
     next
 end
 
 
 -------------
 config firewall policy:
 
 WAN->DMZ
 -------------
     # Policy 56 (WAN -> DMZ): any source arriving on port2 may reach the VIP_DMZ_dns
     # virtual IP behind port5, service DNS only, at all times, with traffic logging on.
     # NOTE(review): srcaddr "all" fits a public authoritative name server - confirm.
     # If the server also answers recursive queries, restrict recursion on the server itself.
     # NOTE(review): no security profile (e.g. IPS) is set in this stanza - confirm this is intended.
     edit 56
         set srcintf " port2" 
         set dstintf " port5" 
         set srcaddr " all"              
         set dstaddr " VIP_DMZ_dns" 
         set action accept
         set schedule " always" 
         set service " DNS"              
         set logtraffic enable
     next
     # Policy 215 (WAN -> DMZ): the "sshservices" service from the ITcompany address object
     # to DMZ_LAN, for maintenance by an external service provider. It is kept disabled;
     # enable it only for a maintenance window and disable it again afterwards.
     # NOTE(review): dstaddr is DMZ_LAN (presumably the whole DMZ subnet) and the schedule is
     # "always". Narrowing dstaddr to the hosts that need maintenance, and using a
     # one-time schedule, would limit exposure if the policy is left enabled by mistake.
     edit 215
         set srcintf " port2" 
         set dstintf " port5" 
         set srcaddr " ITcompany"              
         set dstaddr " DMZ_LAN"              
         set action accept
         set status disable   # activate ONLY if necessary!
         set schedule " always" 
         set service " sshservices"              
         set logtraffic enable
         set comments " 4 maintenance from ext service" 
     next
 
 
 DMZ -> WAN
 -------------
     # Policy 87 (DMZ -> WAN): DMZ_LAN hosts may reach the EXT_ntpservers address object
     # with service NTP, at all times, logged. The destination is a named server list
     # rather than "all", which keeps DMZ egress narrow.
     edit 87
         set srcintf " port5" 
         set dstintf " port2" 
         set srcaddr " DMZ_LAN"              
         set dstaddr " EXT_ntpservers"              
         set action accept
         set schedule " always" 
         set service " NTP"              
         set logtraffic enable
         set comments " external NTP servers" 
         # Source NAT on egress; presumably needed because the DMZ uses private
         # addressing (the VIP above maps to 192.168.7.84) - confirm.
         set nat enable     # necessary
     next
 
 internal->DMZ
 -------------
     # Policy 96 (internal -> DMZ): the "nameservers" address object on port1 may reach
     # DMZ_nameservers on port5 with DNS and sshservices, for DNS synchronisation.
     # Only the internal-to-DMZ direction is opened here; no DMZ -> internal policy is shown.
     # NOTE(review): the contents of the custom "sshservices" service are not shown -
     # confirm it covers only the SSH port actually needed for the sync.
     edit 96
         set srcintf " port1" 
         set dstintf " port5" 
         set srcaddr " nameservers"              
         set dstaddr " DMZ_nameservers" 
         set action accept
         set schedule " always" 
         set service " DNS"  " sshservices"              
         set logtraffic enable
         set comments " 4 dns sync" 
     next
					
				
			
			
 
					
				
				
			
		