Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Fortigate 7.2.X document || DNAT ||

Hi All,


Today I was reading fortigate DNAT virtual IPs and I got confused related this theory, Can anyone make me understand with regard to it. please refer the snapshot there is minor difference in this release.

Virtual IP with services.JPGVirtual IPs with port forwarding.JPG




Hi @Umesh 

Thanks for posting your query


As the screenshot you have attached fields seems to be same in both the screenshot.

Can you elaborate what is the confusion you have regarding the VIP configuration.

or any confusion for creating a group for different VIP you are creating individually






In the screenshot, it is referring to two ways of creating VIP.


1st one is Virtual IP with Service. In this option you can select the Service for example :HTTP (TCP-80) and then Map that to different port internally if you would like to (using port forwarding) or you can disable port forwarding so it doesn't change the DST port when forwarding the traffic to mapped IP address. 


2nd one is Virtual IP with port forwarding and here you are not defining the service using the option filters and hence if you would like to perform port forwarding you need to define "External service port" and the "Map to IPv4 port". If you don't use Port forwarding, Firewall will not change the destination port of the incoming traffic and forward it to the new Mapped IP without changing the port.


I am not sure if this clarifies your concern, if not please reply back and someone could help you.


Best Regards,

Top Kudoed Authors