Hello,
I need to setup a rule that does this:
I have a device with this IP 192.168.250.1 (it cannot be changed) connected to LAN
I need to "associate" IP 192.168.250.1 with a local IP 10.0.3.115.
So when the http://10.0.3.115 is opened the really IP 192.168.250.1 have to respond
10.0.3.115 -> 192.168.250.1.
I guess 1:1 NAT and vrtual IP is not right way.
Any hint about this?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @it-andreagx ,
- Create a firewall policy with your source-ip and then apply 1:1 NAT to it and place that policy on top.
Do you mean in this way?
Hi @it-andreagx ,
So basically, your 192.168.250.1 should be NATed to 10.0.3.115 when leaving lan interface, correct? If yes create an IP-Pool and apply it to above policy and source and destination needs to be swapped.
no way :(
even with this setup if I ping the IP 10.0.3.115 the IP 192.168.250.1 do not reply
Hello @it-andreagx
You need to create a VIP with external IP 10.0.3.115 and internal IP 192.168.250.1:
You then need to make firewall policy with incoming interface as the interface where you are pinging from. Outgoing interface will be where 192.168.250.1 is located. In this policy add the VIP object in destination and in source you can keep 'all'.
Let me know if that works for you.
Regards,
Varun
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1081 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.