Fortinet black logo

Application Note

Home FortiExtender 7.0.1 Application Note
7.0.1
7.0.1

Configuring DNAT for all protocols (and ports) on one IP

Configuring DNAT for all protocols (and ports) on one IP

If you want to expose the whole internal server to the public network, disable port-forwarding for Virtual IP.

In the following configuration example, all packets arriving on the FortiExtender with a destination of 10.1.1.1 will depart from the device with a destination of 192.168.200.100.

Create a VIP

config firewall vip

edit "Internal_Server"

set comment ''

set extip 10.1.1.1

set mappedip 192.168.200.100

set extintf any

set portforward disable

next

end

Apply the VIP to a firewall policy

config firewall policy

edit services_fwd

set srcintf wan

set dstintf lan

set srcaddr all

set action accept

set status enable

set service ALL

set nat enable

set dnat enable

set vip Internal_Server

next

end

Previous
Next

Configuring DNAT for all protocols (and ports) on one IP

If you want to expose the whole internal server to the public network, disable port-forwarding for Virtual IP.

In the following configuration example, all packets arriving on the FortiExtender with a destination of 10.1.1.1 will depart from the device with a destination of 192.168.200.100.

Create a VIP

config firewall vip

edit "Internal_Server"

set comment ''

set extip 10.1.1.1

set mappedip 192.168.200.100

set extintf any

set portforward disable

next

end

Apply the VIP to a firewall policy

config firewall policy

edit services_fwd

set srcintf wan

set dstintf lan

set srcaddr all

set action accept

set status enable

set service ALL

set nat enable

set dnat enable

set vip Internal_Server

next

end

Previous
Next