Today I was reading fortigate DNAT virtual IPs and I got confused related this theory, Can anyone make me understand with regard to it. please refer the snapshot there is minor difference in this release.
In the screenshot, it is referring to two ways of creating VIP.
1st one is Virtual IP with Service. In this option you can select the Service for example :HTTP (TCP-80) and then Map that to different port internally if you would like to (using port forwarding) or you can disable port forwarding so it doesn't change the DST port when forwarding the traffic to mapped IP address.
2nd one is Virtual IP with port forwarding and here you are not defining the service using the option filters and hence if you would like to perform port forwarding you need to define "External service port" and the "Map to IPv4 port". If you don't use Port forwarding, Firewall will not change the destination port of the incoming traffic and forward it to the new Mapped IP without changing the port.
I am not sure if this clarifies your concern, if not please reply back and someone could help you.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.