Not applicable

from external ip to an internal webserver ip

Hello, I have never worked with a complicated router before, therefore I would really like some help from pros. My problem is the following. I need to link a webserver in the internal network to the external WAN IP, so that it can be accessed from everywhere. Our router is a FortiGate 50B. I've done it on a simple router, with virtual IP and DMZ. When I enter the settings with virtual IP on the FortiGate it doesn't work. I must be missing something, but the interface and options are too complex for someone with limited knowledge. So again, all I need is that when the WAN IP from the provider is entered in a browser, the router redirects it to our internal webserver 192.168.100.x

Thanks! Regards, Yves
15 REPLIES
Not applicable

You need two things for that:

1. The Virtual IP. Specify the External Interface, your public IP and the mapped IP (the IP of your webserver).
2. A Firewall Policy. Create a Policy with the following settings:
   Source Interface: The external Interface you are using (must be the same which you have specified in the VIP in case you have multiple wan ports in use...)
   Source Address: ALL
   Destination Interface: The Internal Interface to which your webserver is connected.
   Destination Address: The Virtual IP you have created.

After that, you should be able to connect to your webserver from the internet.
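The VIP and policy from the reply above, written as FortiOS CLI (an added example, not part of the original thread). It goes slightly beyond the post by also showing a port-forward variant limited to TCP 80. The names githo, wan1, internal and policy ID 2 are taken from the thread, the elided public IP is left as posted, and the exact keywords (for example "ANY" versus "ALL") are assumed from FortiOS releases of that era and vary by version.

```fortios
# Setup as described in the thread: static one-to-one VIP, policy service ANY.
# With this, every port on 192.168.100.159 is reachable from the internet.
config firewall vip
    edit "githo"
        set extintf "wan1"
        set extip 84.195.xx.xxx
        set mappedip 192.168.100.159
    next
end
config firewall policy
    edit 2
        set srcintf "wan1"
        set srcaddr "all"
        set dstintf "internal"
        set dstaddr "githo"
        set schedule "always"
        set service "ANY"
        set action accept
    next
end

# Narrower variant: forward only TCP 80 and allow only HTTP in the policy.
config firewall vip
    edit "githo"
        set portforward enable
        set protocol tcp
        set extport 80
        set mappedport 80
    next
end
config firewall policy
    edit 2
        set service "HTTP"
    next
end

# While testing from an outside connection, check whether the requests
# reach wan1 at all (verbosity 4 prints the interface name per packet).
diagnose sniffer packet wan1 'tcp port 80' 4
```

If the sniffer shows no inbound SYN on wan1 during an outside test, the traffic is being dropped before the FortiGate and the VIP or policy is not the cause.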
Not applicable

Thank you for the reply. I'm afraid I already tried the settings you mentioned. The virtual IP is my external IP on WAN1, visible in "System > Network". Copy-paste:

githo wan1/84.195.xx.xxx 192.168.100.159

I left "map to port" open since it's the standard TCP port 80 on the webserver. For the policy, I made the policy you said:

source interface: wan1
source address: all
destination interface: internal
destination address: githo (name of the VIP)
schedule: always
service: any
action: accept

and all other settings unmarked except NAT. Copy-paste:

2 all githo always ANY ACCEPT

I just get a timeout on every internet connection except the one on the internal network, which is rather weird. I must say I changed some settings in the "Protection Profile" under Firewall: scan, strict, unfiltered, web. Under protocol recognition > HTTP I put monitored ports on ALL, can't seem to remove it again.
Not applicable

Try unchecking the NAT box in the Firewall Policy.
Not applicable

NAT unchecked, still nothing. Any other settings that I can try? Do I need port forwarding?
rwpatterson
Valued Contributor III

Are you trying this from inside the same network, or from the outside?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

When I try the wan1 IP in a browser from a PC in the internal network, I get the index page of my webserver. When I try it through another internet connection, I get nothing.
rwpatterson
Valued Contributor III

Is the web server set up correctly? Is it allowing connections from all IP addresses? Is the subnetting correct? etc... I suspect the culprit is not the firewall. The inside PC is on the same subnet.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Not applicable

Hmm, the webserver is a standard setup. Where should I check that it does accept all IPs and allows other subnets? It's an IIS 6.0 server on Server 2003. Thanks for the help, by the way!

Regards, Yves
rwpatterson
Valued Contributor III

Sorry, I'm more of an Apache dude. IIS is like Russian to me...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
