Hi all,
Really need someone advise on this issue. Below is my network setup.
I had purchased a public static IP address 12.xxx.xxx.218 from my internet provider.
I had a web server private IP address: 19.xxx.xxx.117.
I need to NAT the private IP address: 19.xxx.xxx.117 to public static ip address 12.xxx.xxx.218 so that i only need to input 12.xxx.xxx.218 on a web browser over the internet to access my webserver
In the end, i still cannot ping 12.xxx.xxx.218 after i done some NAT configuration inside the firewall.
Below is my firewall setup for NAT:
This is the firewall Port 13 interface
This is the firewall Wan1 interface
I had created a Virtual IP named NUC Gateway
- I had configure a LAN to WAN for internet access
- NAT is turned on
- I had created a Wan to LAN where i input my previous created virutal IP "NUC gateway" and selected at the Destination field
- I do not turn on NAT
Anyone experience on this setup, can advise what went wrong?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Rayha
Your setup should work.
I'd check if really the public IP 12.x is mine.
To check this you can for example set it as secondary WAN IP and the try ping it from outside.
Hi AEK,
I had tried put it as a WAN secondary IP. I cannnot ping the WAN secondary IP. According to my internet provider, they mentioned cannot ping this purchased Public static Ip address which i feel strange. So now i cannot ping, does it mean this not belong to me?
hm in this setup you might need to portforward twice.
ISP Router has to forward 80/443 to your FGT and then the FGT needs a vip to forward those to your webserver. And this has to be destination in the corresponding policy.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Agree with you. I didn't notice the ISP router.
Bridge mode is also a solution. So you need to check how your ISP router is configured, or check with ISP if you don't have access to it.
Hi,
Able to suggest how you do these as i am totally new for fortigate?
Configuration is to be done on ISP router, not on FGT. I think your ISP can help.
Hi AEK,
I had no access to the ISP router. I had actually contact the ISP side already and they mentioned their side has configure correctly.
Hi Rayha
What do they mean by configured correctly? It can be configured in many ways.
If possible they share the configuration so you can deduce how you will configure the FGT.
Hi AEK,
Good suggestion. I will see whether they can release such information for me.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.