The port specified should match the (custom) service you specify in the policy. when you plan to allow several services into your LAN/DMZ, you make the VIP a port-forwarding VIP. Regarding port forwarding: sometimes, esp. Policy & Object > Virtual Address create new, then enter external address: 1.1.1.1 mapped-to address: 192.168.14.1 no port forwarding (at this moment) To bring a VIP into effect, you use it in an inbound policy: new policy, source interface: wan dest interface: internalX source address: all (you don't know in advance) dest address: !! service: whatever applies schedule: always NAT: nope and then test it. The object you need to create is called "Virtual address" or VIP in FortiOS. Say you want to forward traffic to public WAN address 1.1.1.1 to your internal server at 192.168.14.1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |