Fortinet black logo

Administration Guide

Configuring port forwarding in non-HA mode

Copy Link
Copy Doc ID 338565db-e3d8-11e9-8977-00505692583a:261193
Download PDF

Configuring port forwarding in non-HA mode

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create two IPv4 virtual IPs with the following information:
    • IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 12443 > 443)

    • IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 12887 > 8887)

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the two virtual IPs that you created.

FortiIsolator configuration

Use the FortiIsolator CLI to configure port forwarding mappings. Use the fis-ipmap command in the following format:

set fis-ipmap <external_port> <internal_port> <external_IP_address>

For example, set fis-ipmap 12443 12887 <external_IP_address

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type route ADD <external_IP_address> Mask 255.255.255.255 <FortiGate_IP_address>.

      For example, route –p ADD <external_IP_address> MASK 255.255.255.255 10.160.17.89.

    2. To confirm the setup, type route print.

  3. To verify that it works in a browser, browse to https://<external_IP_address>:12443/isolator/https://www.google.com.

Configuring port forwarding in non-HA mode

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create two IPv4 virtual IPs with the following information:
    • IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 12443 > 443)

    • IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 12887 > 8887)

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the two virtual IPs that you created.

FortiIsolator configuration

Use the FortiIsolator CLI to configure port forwarding mappings. Use the fis-ipmap command in the following format:

set fis-ipmap <external_port> <internal_port> <external_IP_address>

For example, set fis-ipmap 12443 12887 <external_IP_address

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type route ADD <external_IP_address> Mask 255.255.255.255 <FortiGate_IP_address>.

      For example, route –p ADD <external_IP_address> MASK 255.255.255.255 10.160.17.89.

    2. To confirm the setup, type route print.

  3. To verify that it works in a browser, browse to https://<external_IP_address>:12443/isolator/https://www.google.com.