Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alexoc
New Contributor

VIPs to firewall GUI

[align=left]Hello,[/align][align=left]I am using a Fortinet Fortigate 60D with FortiOS 5.2.4, and I am working with some VIPs.[/align][align=left]I have created a VLAN in the Internal interface and assigned the address range 10.243.1.1/24. This interface has HTTP, SSH and HTTPS administrative access enabled, so if I want to connect to firewall's GUI it works fine.[/align][align=left]However, I want to connect to the GUI from another interface and I can't use ports 80 and 443, so I created three different VIPs, which are basically the same:[/align]

IP map: 10.253.1.1 -> 10.243.1.1 Port map: 2080 -> 80

IP map: 10.253.1.1 -> 10.243.1.1 Port map: 2443-> 443 

IP map: 10.253.1.1 -> 10.243.1.1 Port map: 4022-> 22

The main problem I am facing is that, despite the three VIPs are almost identical, I can connect to the Firewall via SSH but not via web browser to 10.243.1.1:2443.

 

Thank you for your help.

 

 

2 REPLIES 2
rwpatterson
Valued Contributor III

Well the native interface is assigned HTTPS on port 443 so yes, you will be denied 10.243.1.1:2443. The VIP at 10.253.1.1:2443 will work because it is redirecting port 2443 to port 443 which 10.243.1.1 is listening on. As defined, everything is working as it should.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Toshi_Esumi
SuperUser
SuperUser

And if you change those admin ports under system->settings to whatever you want, you don't have to deal with VIPs at all.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors