m_skrobanek
New Contributor

Port forwarding dynamic IP address

Hello, I am trying to forward port 443 on my FortiGate. I would like to use OWA for my Exchange Server. We have no static IP address, and I would like to know if it is possible to forward an external, changing IP address. In my config I set the parameters:
External IP: 0.0.0.0 (I also tried it with the actual IP address of the wan 1 interface)
Internal IP: 192.168.100.x (internal interface)
External port: 443
Internal port: 443
Internal IP address: SBS2011 server address
I hope you can help me. Thanks a lot.
Carl_Wallmark
Valued Contributor

Hi, it seems correct. Don't forget the firewall policy as well.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

m_skrobanek
New Contributor

Hi, thanks for your answer. The firewall policy is created. I used the predefined HTTPS service to forward port 443. Unfortunately it doesn't work. I also tried forwarding to other IPs in the network which have an HTTPS service, such as printers etc. Always the same sh..
rwpatterson
Valued Contributor III

Welcome to the forums. To forward a public IP address to an inside address in your network, you need to use Virtual IP addresses (VIPs). You define the VIP to map the outside address and port to the inside server address and port. You then use this as the destination in your policy. The FGT will proxy ARP any traffic bound to that socket and pass it through IF the policy matches. I have to add: The FGT will treat 0.0.0.0 as an address here, so it can be used as the source in the VIP definition.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

m_skrobanek
New Contributor

That's it!!!! Thanks for your help. After many tries I made it. It is only a little thing which was changed in the new OS versions. In the past, the destination address could be inserted this way: you chose the server name in the drop-down menu, to which you had previously given an IP address in the menu Firewall/Firewall Objects. NOW!!! you set the parameters for the VIP, and after that, in the "policy options", you choose the name of the VIP or VIP group in the destination address field (drop-down menu), not the entry of the Firewall Object. ;)
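
The setup the thread arrives at, written as FortiOS CLI configuration. This is an added example, not part of any post above. The VIP name owa-https-vip and the mapped address 192.168.100.10 (standing in for the poster's 192.168.100.x) are constructed placeholders, the interface names wan1 and internal are assumed from the thread, and exact option names can differ between FortiOS versions.

```fortios
# Added example: VIP that port-forwards TCP 443 arriving on wan1 to the
# internal Exchange/OWA server. extip 0.0.0.0 is used because the WAN
# address is dynamic, as discussed in the thread.
config firewall vip
    edit "owa-https-vip"
        # Binding the VIP to wan1 limits where the mapping applies
        set extintf "wan1"
        set extip 0.0.0.0
        # Placeholder for the server's real internal address
        set mappedip 192.168.100.10
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Policy that lets the forwarded traffic through. The destination must be
# the VIP object itself. Selecting the server's plain firewall address
# object here (the older habit described in the last post) does not
# activate the forwarding.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "owa-https-vip"
        set action accept
        set schedule "always"
        # Only HTTPS is allowed; no other service reaches the server
        set service "HTTPS"
    next
end
```

Because srcaddr is "all", the OWA login page is reachable from any internet address, so this policy is the place to enable traffic logging and to narrow the source if the set of clients is known.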