Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
soheil_amiri
New Contributor

Created on ‎11-04-2020 03:53 AM

DNAT and virtual IP

hi guys 

i am new in fortigate world, 

what is different between these two way of publishing a service :

1- publish a server with using filtering \services\HTTP

2- publishing a server using port forwarder

 

are both work the same way and manner ?

is there any technical benefit between them ?

Preview file
49 KB
2818
0 Kudos
1 Solution
boneyard
Valued Contributor

Created on ‎11-07-2020 12:15 AM

please change the second screenshot, it is just a lot of text code now.

 

as for the question, there won't be a noticeable difference on traffic handling i believe. there probably is a difference on a deeper level, but you would have to be able to look at the source code for that. i would guess that one get dropped earlier, but again for resulting behaviour no difference.

 

it does have an other effect though. the way with the filter make the IP address further unusable for other forwards to different IPs or ports. you have add HTTP for another port on the same IP, but if you want to also use the Virtual IP for port 25 to another internal IP then that won't be possible.

 

while with the port forwarding virtual IP you can make different connections on the same public IP.

 

View solution in original post

1978
0 Kudos
2 REPLIES 2
boneyard
Valued Contributor

Created on ‎11-07-2020 12:15 AM

please change the second screenshot, it is just a lot of text code now.

 

as for the question, there won't be a noticeable difference on traffic handling i believe. there probably is a difference on a deeper level, but you would have to be able to look at the source code for that. i would guess that one get dropped earlier, but again for resulting behaviour no difference.

 

it does have an other effect though. the way with the filter make the IP address further unusable for other forwards to different IPs or ports. you have add HTTP for another port on the same IP, but if you want to also use the Virtual IP for port 25 to another internal IP then that won't be possible.

 

while with the port forwarding virtual IP you can make different connections on the same public IP.

 

1979
0 Kudos
soheil_amiri
New Contributor
In response to boneyard

Created on ‎11-07-2020 04:50 AM

thanks for your answer, 

here is both picture 

Preview file
53 KB
1927
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.