Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
KDMac
New Contributor

Created on ‎06-14-2020 08:31 AM

Virtual IP and portforwarding

Device: FortiGate 60E, FortiOS 6.4.1

I am a bit ashamed to ask this, but I'm not able to correctly configure port forwarding for external access.

My goal is to make a web-interface of the office-automation system accessible from a mobile device outside the network. With all the previous routers I have used, setting this up was a matter of minutes, however with the FortiGate I really don't understand how to do this. I have watched all the videos I could find, searched and read recipes, without success.

 

The situation: SD-Wan zone with 2 members (2 providers who both give me a dynamic IP)

I use the FortiDDNS service. The internal IP I want to reach is 172.19.183.45 (internal port 8080). External port would be 8100.

I would like have with a link that looks like: myname.fortiddns.com:8100 to reach my office-automation system.

To achieve this I have tried to create a Virtual IP but I face an immediate first problem: what do I enter in the field 'External IP address'? In my case, this is dynamic.

 

Even if a enter my current WAN IP for test purposes it still doesn't work. What am I missing here?

 

In my old router I just enter the protocol (TCP), the public port, private IP and private port, witch WAN interface. Next I open the public port and that's it. 

 

Help would be much appreciated.

 

Many thanks in advance. 

7285
0 Kudos
2 REPLIES 2
Fullmoon
Contributor III

Created on ‎06-14-2020 05:15 PM

KDMac wrote:

 

 

To achieve this I have tried to create a Virtual IP but I face an immediate first problem: what do I enter in the field 'External IP address'? In my case, this is dynamic.

 

 

Have you tried to define as 0.0.0.0/0 to the External IP address?

Fortigate Newbie

Fortigate Newbie
4210
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to Fullmoon

Created on ‎06-15-2020 01:46 AM

@Fullmoon is right, '0.0.0.0/0' is the FortiOS notation for a wildcard address. It's documented in the Handbook.

 

Besides, port forwarding on a FGT is a 2 step process:

1- create a VIP

2- create a policy from WAN to LAN with the VIP as the destination address (!), like

srcif: sd-wan

srcaddr: all

dstif: LAN

dstaddr: myVIP

service: myCustomServiceTCP8100

NAT: disable

 

Place this policy above other policies with the same srcif/dstif combo.

If you cannot choose 'sd-wan' for source interface, specify 'any'.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4210
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.