How to configure virtual IP with a router and a firewall

cristian · ‎10-30-2018

Hello!! I have a problem with a FG60D and a TIM ROUTER. I am unable to configure a Virtual IP.

The configuration is:

External and public ip (sample): 256.123.456.789

-- ROUTER PROVIDER --

-- nat port 8080 to 192.168.2.23

internal lan ip router: 192.168.2.6

wan 1 port firewall: 192.168.2.23

-- FORTINET FG60D --

internal ip port: 192.168.1.95

PERSONAL COMPUTER with ip: 192.168.1.93 and iis on port 8080.

How should I configure

- virtual ip

- firewall policy

- etc

in order to use, from an external computer, with ip 257.234.567.890 the service present on port 8080 of 192.168.1.93

using for example the command http://256.123.456.789:8080.

Unfortunately the sample configuration present on https://cookbook.fortinet.com/port-forwarding-60/ does not solve my problem.

Thanks, Best Regards

sw2090 · ‎11-02-2018

hm the sample config looks quite legit thus is a little bit oversized for this case since they do for three ports.

So you would have to set:

External IP/Range: 192.168.2.23 - 192.168.2.23

Mapped IP/Range: 192.168.1.93 - 192.168.1.93

Port Forwarding: on

Protocoll: TCP

External Service Port: 8080 - 8080

Map to Port: 8080 - 8080

for VIP.

You don't need to create a group. They did because they forward three ports and wanted to create only one policy for his :)

You do need to create the policy to allow the traffic:

Name: what you want it to be :)

Incoming Interface: wan1

Outgoing Interface: the port where 192.168.1.93 is connected to

Source: all

Destination: the VIP you set above

Service: all (you could also restrict hat to https if you just want to allow https traffic on that port).

NAT: off (VIP already does the NAT)

Action: Accept.

this should do it...

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Nominate a Forum Post for Knowledge Article Creation