alexoc
New Contributor

VIPs to firewall GUI

Hello,

I am using a Fortinet Fortigate 60D with FortiOS 5.2.4, and I am working with some VIPs.

I have created a VLAN in the Internal interface and assigned the address range 10.243.1.1/24. This interface has HTTP, SSH and HTTPS administrative access enabled, so if I want to connect to the firewall's GUI it works fine.

However, I want to connect to the GUI from another interface and I can't use ports 80 and 443, so I created three different VIPs, which are basically the same:

IP map: 10.253.1.1 -> 10.243.1.1 Port map: 2080 -> 80

IP map: 10.253.1.1 -> 10.243.1.1 Port map: 2443 -> 443

IP map: 10.253.1.1 -> 10.243.1.1 Port map: 4022 -> 22

The main problem I am facing is that, despite the three VIPs being almost identical, I can connect to the Firewall via SSH but not via web browser to 10.243.1.1:2443.

Thank you for your help.

 

 

rwpatterson
Valued Contributor III

Well, the native interface is assigned HTTPS on port 443, so yes, you will be denied 10.243.1.1:2443. The VIP at 10.253.1.1:2443 will work because it is redirecting port 2443 to port 443, which 10.243.1.1 is listening on. As defined, everything is working as it should.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Toshi_Esumi
Esteemed Contributor III

And if you change those admin ports under system->settings to whatever you want, you don't have to deal with VIPs at all.
