Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
m_skrobanek
New Contributor

Created on ‎09-15-2013 11:46 PM

Portforwarding dynamic IP Adress

Hello, i try to forward the Port 443 in my fortigate. I would like to use OWA for my Exchange Server. We have no static IP Address and i would like to know it is possible to forward a external changing IP Address. In my config i set the parameters: External IP: 0.0.0.0 (i try it also with the actual ip address from the wan 1 interface) internal IP: 192.168.100.x (internal interface) external Port: 443 internal Port: 443 internal IP Adress: SBS2011 Server-Address I hope you can help me. Thanks a lot.
9514
0 Kudos
4 REPLIES 4
Carl_Wallmark
Valued Contributor

Created on ‎09-15-2013 11:53 PM

Hi, It seems correct. Dont forget the firewall policy as well.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
2572
0 Kudos
m_skrobanek
New Contributor

Created on ‎09-18-2013 09:57 AM

Hi, thanks for your answer. The firewall policy is created. I used the predefined https service to forward port 443. Unfortunatly it doesnt work. I also try to forward to other IP' s in the network which have a https service. Such like printers etc. Always the same sh..
2572
0 Kudos
rwpatterson
Valued Contributor III
In response to m_skrobanek

Created on ‎09-18-2013 10:37 AM

Welcome to the forums. To forward a public IP address to an inside address in your network, you need to use Virtual IP addresses (VIPs). You define the VIP to map the outside address and port to the inside server address and port. You then use this as the destination in your policy. The FGT will proxy ARP any traffic bound to that socket and pass it through IF the policy matches. I have to add: The FGT will treat 0.0.0.0 as an address here, so it can be used as the source in the VIP definition.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
2572
0 Kudos
m_skrobanek
New Contributor

Created on ‎10-01-2013 12:33 PM

That' s it!!!! Thanks for your help. After many try i made it. And it is only a little thing which was changed in the new OS Versions. In the past the destination-adress could insert in this way you choose the Servername in the drop down menu which you give previously a IP address in the menu Firewall/Firewall Objects. NOW!!! you set the parameters for the VIP and after that you choose in the " policy options" in the field destination address (drop down menu) the name of the VIP or VIP-Group. Not the entry of the Firewall Object. ;)
2572
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.