Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rayha
New Contributor III

NAT webserver private ip address to a purchase public IP address issue

Hi all,

    

     Really need someone advise on this issue. Below is my network setup.

Network_diagram.png

 

      I had purchased a public static IP address 12.xxx.xxx.218 from my internet provider.

      I had a web server private IP address: 19.xxx.xxx.117. 

      I need to NAT the private IP address: 19.xxx.xxx.117 to public static ip address 12.xxx.xxx.218 so that i only need to input 12.xxx.xxx.218 on a web browser over the internet to access my webserver 

      In the end, i still cannot ping 12.xxx.xxx.218 after i done some NAT configuration inside the firewall.

      Below is my firewall setup for NAT:

    

                      This is the firewall Port 13 interface

LAN1.png

 

                This is the firewall Wan1 interface

Wan1.png

 

    I had created a Virtual IP named NUC Gateway

virtual IP.png

 

I had configure a LAN to WAN for internet access

- NAT is turned on

Wan-LAN.png

 

 - I had created a Wan to LAN where i input my previous created virutal IP "NUC gateway" and selected at the      Destination field

- I do not turn on NAT

LAN-WAN.png

     Anyone experience on this setup, can advise what went wrong?

 

20 REPLIES 20
AEK
Honored Contributor

Hi Rayha

Your setup should work.

I'd check if really the public IP 12.x is mine.

To check this you can for example set it as secondary WAN IP and the try ping it from outside.

AEK
AEK
rayha
New Contributor III

Hi AEK,

 

     I had tried put it as a WAN secondary IP. I cannnot ping the WAN secondary IP. According to my internet provider, they mentioned cannot ping this purchased Public static Ip address which i feel strange. So now i cannot ping, does it mean this not belong to me?

sw2090
Honored Contributor

hm in this setup you might need to portforward twice.

ISP Router has to forward 80/443 to your FGT and then the FGT needs a vip to forward those to your webserver. And this has to be destination in the corresponding policy.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
AEK
Honored Contributor

Agree with you. I didn't notice the ISP router.

Bridge mode is also a solution. So you need to check how your ISP router is configured, or check with ISP if you don't have access to it.

AEK
AEK
rayha
New Contributor III

Hi,

 

    Able to suggest how you do these as i am totally new for fortigate?

AEK
Honored Contributor

Configuration is to be done on ISP router, not on FGT. I think your ISP can help.

AEK
AEK
rayha
New Contributor III

Hi AEK,

         I had no access to the ISP router. I had actually contact the ISP side already and they mentioned their side has configure correctly.

 

AEK
Honored Contributor

Hi Rayha

What do they mean by configured correctly? It can be configured in many ways.

If possible they share the configuration so you can deduce how you will configure the FGT.

AEK
AEK
rayha
New Contributor III

Hi AEK,

      Good suggestion. I will see whether they can release such information for me.

Labels
Top Kudoed Authors