Configuring port forwarding in HA mode
FortiGate configuration
Complete the following steps in the FortiGate UI.
- Go to Policy & Objects > Virtual IPs.
- Create two IPv4 virtual IPs with the following information:
IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 14443 > 443)
IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 14887 > 8887)
- Go to Policy & Objects > IPv4 Policy > Create New.
- Create an IPv4 policy that includes the two virtual IPs that you created.
FortiIsolator configuration
Use the FortiIsolator CLI to configure port forwarding mappings. Use the following commands:
-
set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>
For example,
set fis-ipmap 12443 12887 <external_IP_address>
. -
set fis-ipmap-vip <port_map_to_443> <port_map_to_8887> <external_IP_address>
For example,
set fis-ipmap-vip 14443 14887 <external_IP_address>
. -
set fis-ipmap-ha <priority> <external_IP_address> <internal_IP_address:slave_1> <port_map_to_443> <port_map_to_8887>
For example,
set fis-ipmap-ha 10 <external_IP_address> 10.160.12.207 12443 12887
Client system configuration
Complete the following steps on the client system (for example, Windows 10).
- In Windows 10, launch CMD as administrator.
- Use the following commands to add the FortiGate IP address to the routing table on the client system:
- At the command prompt, type
route ADD <external_IP_address> Mask 255.255.255.255 <FortiGate_IP_address>
.For example,
route –p ADD <external_IP_address> MASK 255.255.255.255 10.160.17.89
. - To confirm the setup, type
route print
.
- At the command prompt, type
- To verify that it works in a browser, browse to https://<external_IP_address>:14443/isolator/https://www.google.com.