Virtual IP and portforwarding
Device: FortiGate 60E, FortiOS 6.4.1
I am a bit ashamed to ask this, but I'm not able to correctly configure port forwarding for external access.
My goal is to make a web-interface of the office-automation system accessible from a mobile device outside the network. With all the previous routers I have used, setting this up was a matter of minutes, however with the FortiGate I really don't understand how to do this. I have watched all the videos I could find, searched and read recipes, without success.
The situation: SD-WAN zone with 2 members (2 providers who both give me a dynamic IP)
I use the FortiDDNS service. The internal IP I want to reach is 172.19.183.45 (internal port 8080). External port would be 8100.
I would like to have a link that looks like: myname.fortiddns.com:8100 to reach my office-automation system.
To achieve this I have tried to create a Virtual IP but I face an immediate first problem: what do I enter in the field 'External IP address'? In my case, this is dynamic.
Even if I enter my current WAN IP for test purposes, it still doesn't work. What am I missing here?
In my old router I just enter the protocol (TCP), the public port, private IP and private port, which WAN interface. Next I open the public port and that's it.
Help would be much appreciated.
Many thanks in advance.
KDMac wrote:
To achieve this I have tried to create a Virtual IP but I face an immediate first problem: what do I enter in the field 'External IP address'? In my case, this is dynamic.
Have you tried defining the External IP address as 0.0.0.0/0?
Fortigate Newbie
@Fullmoon is right, '0.0.0.0/0' is the FortiOS notation for a wildcard address. It's documented in the Handbook.
Besides, port forwarding on a FGT is a 2 step process:
1- create a VIP
2- create a policy from WAN to LAN with the VIP as the destination address (!), like
srcif: sd-wan
srcaddr: all
dstif: LAN
dstaddr: myVIP
service: myCustomServiceTCP8100
NAT: disable
Place this policy above other policies with the same srcif/dstif combo.
If you cannot choose 'sd-wan' for source interface, specify 'any'.
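
The two steps from the reply above, written out as FortiOS CLI for the values in the question. This is an added example, not part of the original posts. The names `virtual-wan-link` and `internal`, the service name `TCP-8080`, and the policy IDs are assumptions. The service is defined on the mapped port 8080, on the assumption that FortiOS matches the policy after the VIP has translated the destination.

```fortios
# Added example; names marked "assumed" are not from the thread.

# Step 1: the VIP. extip 0.0.0.0 is the wildcard external address, so the
# mapping does not depend on the current (dynamic) WAN IP.
config firewall vip
    edit "myVIP"
        set extip 0.0.0.0
        set extintf "any"
        set portforward enable
        set protocol tcp
        set extport 8100
        set mappedip "172.19.183.45"
        set mappedport 8080
    next
end

# Custom service referenced by the policy (name assumed). It is defined on
# the mapped port 8080, assuming the policy is evaluated after destination NAT.
config firewall service custom
    edit "TCP-8080"
        set tcp-portrange 8080
    next
end

# Step 2: WAN-to-LAN policy with the VIP as destination address.
# srcintf: assumed SD-WAN zone name; use "any" if it cannot be selected.
# dstintf: assumed LAN interface name.
# Policy ID 100 is assumed to be unused and policy 1 is assumed to exist.
config firewall policy
    edit 100
        set name "wan-to-office-automation"
        set srcintf "virtual-wan-link"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "myVIP"
        set action accept
        set schedule "always"
        set service "TCP-8080"
        set nat disable
        set logtraffic all
    next
    # Place the new policy above others with the same srcintf/dstintf pair.
    move 100 before 1
end
```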
