Fortinet black logo

Application Note

Home FortiExtender 7.0.1 Application Note
7.0.1
7.0.1

Configuring DNAT for a single port

Configuring DNAT for a single port

Enable port-forwarding for Virtual IP, if you need to hide the internal server port number or need to map several internal servers to the same public IP address.

In the following example, all TCP packets arriving on the FortiExtender with a destination of 10.1.1.1:8080 will depart from the device with a destination of 192.168.200.100:80.

Create a VIP

config firewall vip

edit "Internal_HTTP_Service"

set comment ''

set extip 10.1.1.1

set mappedip 192.168.200.100

set extintf any

set portforward enable

set protocol tcp

set extport 8080

set mappedport 80

next

Apply the VIP to a firewall policy

config firewall policy

edit services_fwd

set srcintf wan

set dstintf lan

set srcaddr all

set action accept

set status enable

set service ALL

set nat enable

set dnat enable

set vip Internal_HTTP_Service

next

end

Previous
Next

Configuring DNAT for a single port

Enable port-forwarding for Virtual IP, if you need to hide the internal server port number or need to map several internal servers to the same public IP address.

In the following example, all TCP packets arriving on the FortiExtender with a destination of 10.1.1.1:8080 will depart from the device with a destination of 192.168.200.100:80.

Create a VIP

config firewall vip

edit "Internal_HTTP_Service"

set comment ''

set extip 10.1.1.1

set mappedip 192.168.200.100

set extintf any

set portforward enable

set protocol tcp

set extport 8080

set mappedport 80

next

Apply the VIP to a firewall policy

config firewall policy

edit services_fwd

set srcintf wan

set dstintf lan

set srcaddr all

set action accept

set status enable

set service ALL

set nat enable

set dnat enable

set vip Internal_HTTP_Service

next

end

Previous
Next