Configuring DNAT for all protocols (and ports) on one IP
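To expose an entire internal server to the public network, disable port forwarding on the virtual IP (VIP). With port forwarding disabled, the VIP translates every protocol and port addressed to the external IP, so the firewall policy that references the VIP is what limits which sources and services reach the server.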
In the following configuration example, all packets arriving on the FortiExtender with a destination of 10.1.1.1 will depart from the device with a destination of 192.168.200.100.
Create a VIP
config firewall vip
    edit "Internal_Server"
        set comment ''
        set extip 10.1.1.1
        set mappedip 192.168.200.100
        set extintf any
        set portforward disable
    next
end
Apply the VIP to a firewall policy
config firewall policy
    edit services_fwd
        set srcintf wan
        set dstintf lan
        set srcaddr all
        set action accept
        set status enable
        set service ALL
        set nat enable
        set dnat enable
        set vip Internal_Server
    next
end
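A configuration review can flag this pattern automatically. The following is an added example, not Fortinet code: it parses the config/edit/set/next/end syntax shown above and reports every active accept policy that references a VIP with port forwarding disabled, noting whether the source and service are also unrestricted. The function names `parse` and `audit` are hypothetical, the embedded sample is abridged from the two blocks on this page, and only explicitly set values are read (device defaults are not modelled).

```python
import shlex
# Sample input: abridged from the two CLI blocks on this page.
SAMPLE = """\
config firewall vip
edit "Internal_Server"
set extip 10.1.1.1
set mappedip 192.168.200.100
set portforward disable
next
end
config firewall policy
edit services_fwd
set srcaddr all
set action accept
set status enable
set service ALL
set vip Internal_Server
next
end
"""

def parse(text):
    """Return {section: {entry: {key: value}}}; nested config blocks are not handled."""
    cfg, section, entry = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            entry = None
    return cfg

def audit(cfg):
    """List active accept policies whose VIP has portforward disable (explicit values only)."""
    vips, findings = cfg.get("firewall vip", {}), []
    for name, pol in cfg.get("firewall policy", {}).items():
        vip = vips.get(pol.get("vip", ""), {})
        if (vip.get("portforward") != "disable" or pol.get("action") != "accept"
                or pol.get("status") != "enable"):
            continue
        notes = [f"{k} {pol[k]}" for k, wide in (("srcaddr", "all"), ("service", "ALL"))
                 if pol.get(k) == wide]
        findings.append((name, pol["vip"], vip.get("extip"), vip.get("mappedip"), notes))
    return findings

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

Each finding is a tuple of policy name, VIP name, external IP, mapped IP, and the list of unrestricted match fields; an empty list in the last position means the policy narrows both source and service.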