Hello,
Is it possible please to implement port forwarding towards the internet on a Forti running v6.2.7? All the guides mention only port forwarding from the internet to your internal network, but we need to achieve the opposite.
Customer is using Proxy which is on the internet and their servers are configured to use URL for this proxy and ports 80/443. The goal is that when the traffic is leaving internet facing Fortigate there should be classic hide NAT, but in addition we need to change the destination ports to 8081 and 8443.
Customer mentioned that when they originally set this up (we were running 5.6.2) there wasn't a way to achieve it via FW rule plus NAT only. Right now there is a workaround via Virtual Servers to achieve this, but we would like to get rid of those if possible.
Thank you.
I don't see any reason for this simple SNAT+VIP with an in-to-out policy not to work, even on 5.6 or older. Have you tried it and found it not working? You can easily set up a test policy with one test device's IP, like a laptop's, then run the sniffer on the outgoing/internet port and/or flow debugging while sending HTTP(80)/HTTPS(443) traffic to check if the behavior is what you intended.
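A way to check the sniffer capture suggested above against the goal in the question (hide NAT plus 80 to 8081 and 443 to 8443); this is an added example, not part of the original thread. It parses text saved from `diagnose sniffer packet any '<filter>' 4`; the interface names, IP addresses and sample lines are constructed assumptions.

```python
import re

# Constructed sample of `diagnose sniffer packet any '<filter>' 4` output
# (addresses, interface names and the filter are assumptions for illustration).
SAMPLE = """\
interfaces=[any]
filters=[port 80 or port 443 or port 8081 or port 8443]
1.000101 lan in 10.0.0.50.51000 -> 198.51.100.20.80: syn 1111
1.000230 wan1 out 203.0.113.10.51000 -> 198.51.100.20.8081: syn 1111
1.050412 wan1 in 198.51.100.20.8081 -> 203.0.113.10.51000: syn 2222 ack 1112
2.000345 lan in 10.0.0.50.51001 -> 198.51.100.20.443: syn 3333
2.000467 wan1 out 10.0.0.50.51001 -> 198.51.100.20.443: syn 3333
"""

# timestamp, interface, direction, src_ip.src_port -> dst_ip.dst_port:
LINE = re.compile(
    r"^\S+\s+(?P<ifc>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
PORT_MAP = {80: 8081, 443: 8443}  # from the question: 80 -> 8081, 443 -> 8443


def check_egress(text, wan_ifc, nat_ip, proxy_ip):
    """Return (line, problem) pairs for packets leaving wan_ifc toward proxy_ip."""
    problems = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["ifc"] != wan_ifc or m["dir"] != "out" or m["dst"] != proxy_ip:
            continue  # header lines, LAN side, return traffic, other destinations
        dport = int(m["dport"])
        if m["src"] != nat_ip:
            problems.append((line, f"source {m['src']} not hidden behind {nat_ip}"))
        if dport in PORT_MAP:
            problems.append((line, f"destination port {dport} not rewritten to {PORT_MAP[dport]}"))
        elif dport not in PORT_MAP.values():
            problems.append((line, f"unexpected destination port {dport}"))
    return problems


if __name__ == "__main__":
    for line, problem in check_egress(SAMPLE, "wan1", "203.0.113.10", "198.51.100.20"):
        print(problem, "|", line)
```

Filter the capture on ports rather than on the test device's address, because packets on the internet-facing interface already carry the NAT address as their source.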
Unfortunately I wasn't there when the previous engineer for some reason assumed it's not possible. So that got me doubting if there really is something which prevents setting it up in this way.
I probably won't be allowed to test it in production, so I will try to set up a lab and verify. Just wanted to check first if it should work.
Thank you.
Ok, after I set up my lab I am starting to see the issue.
Thing is that under Virtual IP you are not allowed to do port-forwarding only, you have to specify also External and Mapped IP address, but we don't want that. We want simple hide NAT.
So is there really no way to achieve this setup? Hide NAT with port forwarding?