Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
soheil_amiri
New Contributor

Created on ‎11-04-2020 03:53 AM

DNAT and virtual IP

hi guys 

i am new in fortigate world, 

what is different between these two way of publishing a service :

1- publish a server with using filtering \services\HTTP

2- publishing a server using port forwarder

 

are both work the same way and manner ?

is there any technical benefit between them ?

publish HTTP service.JPG
Preview file
49 KB
3630
0 Kudos
1 Solution
boneyard
Valued Contributor

Created on ‎11-07-2020 12:15 AM

please change the second screenshot, it is just a lot of text code now.

 

as for the question, there won't be a noticeable difference on traffic handling i believe. there probably is a difference on a deeper level, but you would have to be able to look at the source code for that. i would guess that one get dropped earlier, but again for resulting behaviour no difference.

 

it does have an other effect though. the way with the filter make the IP address further unusable for other forwards to different IPs or ports. you have add HTTP for another port on the same IP, but if you want to also use the Virtual IP for port 25 to another internal IP then that won't be possible.

 

while with the port forwarding virtual IP you can make different connections on the same public IP.

 

View solution in original post

2790
0 Kudos
2 REPLIES 2
boneyard
Valued Contributor

Created on ‎11-07-2020 12:15 AM

please change the second screenshot, it is just a lot of text code now.

 

as for the question, there won't be a noticeable difference on traffic handling i believe. there probably is a difference on a deeper level, but you would have to be able to look at the source code for that. i would guess that one get dropped earlier, but again for resulting behaviour no difference.

 

it does have an other effect though. the way with the filter make the IP address further unusable for other forwards to different IPs or ports. you have add HTTP for another port on the same IP, but if you want to also use the Virtual IP for port 25 to another internal IP then that won't be possible.

 

while with the port forwarding virtual IP you can make different connections on the same public IP.

 

2791
0 Kudos
soheil_amiri
New Contributor
In response to boneyard

Created on ‎11-07-2020 04:50 AM

thanks for your answer, 

here is both picture 

publish port forwarder.JPG
Preview file
53 KB
2732
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.