Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Norris81
New Contributor

Migrating from Sonicwall - Multiple Ports on VIP

Hi All,

 

I'm in the process of migrating from a Sonicwall to a FortiGate and I have come up against a NAT setting on the Sonicwall that I'm not too sure how to recreate on the FortiGate.

 

On the Sonicwall I have several NAT policies that will do for example.

Translate ports that are not in a range or sequential, but are members of Service group. 

 

E.g.

 

Public IPOutside Port/Service GroupPrivate IPInside Port/Service
1.2.3.4PhoneSystemPorts192.168.1.10PhoneSystemPorts

 

Service Group: PhoneSystemPorts

Members:

PhoneSystemPort1 : TCP 80

PhoneSystemPort2 : TCP 8000

 

Is this possible to recreate with Virtual IPs, Optional Filters and Services?

Do I just leave the Port Forward option switched off?

 

Or do I need to create multiple ViPs to recreate this?

 

Any advise welcome.

1 Solution
adimailig
Staff
Staff

If there is no TCP Port translation, you can use the Service Option.
You may refer to below guide.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/446182/virtual-ip-with-services
https://community.fortinet.com/t5/FortiGate/Virtual-IP-with-services/ta-p/199427

If there is TCP Port translation, you need to have multiple Virtual IP and enable Port Forwarding.
After that create Virtual IP Group.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/155333/virtual-ips-with-port...

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

Best Regards,

Arnold Dimailig
TAC Engineer

View solution in original post

2 REPLIES 2
adimailig
Staff
Staff

If there is no TCP Port translation, you can use the Service Option.
You may refer to below guide.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/446182/virtual-ip-with-services
https://community.fortinet.com/t5/FortiGate/Virtual-IP-with-services/ta-p/199427

If there is TCP Port translation, you need to have multiple Virtual IP and enable Port Forwarding.
After that create Virtual IP Group.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/155333/virtual-ips-with-port...

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

Best Regards,

Arnold Dimailig
TAC Engineer
Norris81

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors