NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
ORIGINAL: tohritz @Dave the server is behind the fortigate...When you' re referring to portforwarding, that' s setting up VIP then create a policy for wan>internal right? there' s no such thing as mapping FQDN to an internal ip right or there is? coz my problem is, the person i' m assisting doesn' t have a static ip for their domain.Your problem is still a little vague -- what kind of access are you trying to grant this person to your internal network? There may be better solutions we can suggest. You can define a firewall object label as a FQDN, IP address, IP range. If your buddy can not set up his domain with a DDNS service (there are some cheap DDNS services you can get for under $20 per year), you can define a firewall object label that matches his IP/subnet range and use that for the firewall policy. Use this firewall object label for the " From address" field of the source (WAN) interface in the firewall policy. Re port forwarding -- although it' s not good security, you do not have to define a source IP to set up a port forwarding -- you can set the source to " all" and have it trigger on the port #. We have something like this set up for doing reverse VNC-connections (we run remote help desk software).
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.