How to Configure FortiGate Firewall for Virtual IP + NAT

FortiGate Firewall Configuration for Virtual IP + NAT

You will learn how to create a Virtual IP (VIP) on a FortiGate firewall via the CLI. The FortiGate runs in NAT mode, maps the VIP to an IP in a private segment, and performs port forwarding to it.

Fortigate firewall Configuration

The configuration is very simple. The FortiGate is exposed to the Internet through the VIP 87.50.202.25, listening on TCP port 80. That IP is NATed to the web server, whose private IP is 10.10.10.100 and which also listens on port 80.

This configuration is taken from the FortiGate CLI.

Fortigate firewall Configuration

It is simple: specify the name of the VIP in the firewall and the interface on which the VIP will be raised (in this case wan1, which is the leg connected to the Internet), then enable port forwarding in the NAT, mapping external port 80 to internal port 80.

Once the VIP is configured, it is necessary to establish a firewall policy that allows traffic on port 80 originating from the wan1 interface, with the VIP vip-webserver01 as destination and the respective TCP ports. The following example establishes this configuration in rule number 10 of the policy:

Firewall Policy Fortigate

The configuration is clear. Traffic originating from the Internet leg (wan1) is allowed from any address to the internal leg (port5) for the VIP vip-webserver01 and the HTTP service, with NAT enabled.
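The VIP and policy described above, written out as FortiOS CLI. This is an added example built from the values given in the text, not the page's original listing; the `always` schedule and the quoting style are assumptions, everything else (names, addresses, interfaces, ports, rule number) comes from the description.

```fortios
# Virtual IP: destination NAT from the public address to the web server
config firewall vip
    edit "vip-webserver01"
        # Public address, raised on the Internet-facing interface
        set extip 87.50.202.25
        set extintf "wan1"
        # Forward only the listed port instead of mapping the whole address
        set portforward enable
        set protocol tcp
        set extport 80
        # Private web server and the port it listens on
        set mappedip "10.10.10.100"
        set mappedport 80
    next
end

# Policy 10: allow inbound HTTP from wan1 to the VIP behind port5
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "port5"
        # "all" = any source address, as stated in the text
        set srcaddr "all"
        # The destination is the VIP object, not the private address
        set dstaddr "vip-webserver01"
        set action accept
        # Assumption: the text does not name a schedule
        set schedule "always"
        set service "HTTP"
        # Source NAT on top of the VIP's destination NAT: the web server
        # sees the FortiGate's port5 address as the client, so its access
        # logs will not contain the real client IP
        set nat enable
    next
end
```

After applying, `show firewall vip vip-webserver01` and `show firewall policy 10` print the stored objects so they can be compared with the intended values.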

With this simple configuration, there is already a public VIP that forwards to TCP port 80 of a host in the private network.

FortiGate is one of the most used and trusted network firewalls. It is easy to configure and user friendly. FortiGate comes as a hardware appliance and secures your network from unwanted access and virus attacks. With a FortiGate in the network you can also limit Internet access for your computers and users.
