Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Publishing Web Servers

I' ve tried publishing a web server using virtual ip/port forwarding. Here' s the configuration: External Interface: port 3 External port: 80 Internal port: 81 External ip: x.x.x.x internal ip: 10.0.0.1 port forwarding option selected I' ve then created a policy rule with the following configuration: Source port: port 3 Destination port: port 1 source address: all destination address: <nameofvirtual ip> schedule: always service: http action: accept NAT option selected. Doesn' t seem to work if I browse to the external ip, however, if I change the service to ANY, it seems to work fine. What other ports need to be enabled? Also, if i want to use an alternate IP address, do I just specify the alternate IP in the virtual IP config, or does that IP have to be configured elsewhere first? TIA!
2 REPLIES 2
UkWizard
New Contributor

This is probably happening because the webserver is using port 81, rather than 80. thus the rule when saying http (port 80) is failing. Create an custom service, with port 81, then use this for the service rather than http. And yes, to use another IP, just changing the virtual ip details is enough.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UkWizard
New Contributor

oh, by the way, the NAT should NOT be enabled, otherwise you will never be able to tell who is accessing the webserver, should any attacks take place. As all your logs will only have the fortinet address.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors