Fortinet black logo

Administration Guide

Home FortiIsolator 2.4.0 Administration Guide
2.4.0
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.4
2.3.1
2.3.0
2.2.0
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
1.2.2
1.2.1
1.2.0
1.1.0

Configuring IP mapping in regular mode

Configuring IP mapping in regular mode

Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:

  1. FortiIsolator configuration
  2. FortiGate configuration
  3. Client system configuration
FortiIsolator configuration

Use the FortiIsolator CLI to configure port forwarding mappings. Use the fis-ipmap command in the following format:

set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>

For example,

set fis-ipmap 12443 12887 172.30.147.207

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create two IPv4 virtual IPs with the following information:

    • IP-Mapping-443: <external_IP_address> -> FIS_IP (TCP: 12443 > 443)

      e.g. 172.30.147.207 -> 172.30.157.19 (TCP: 12443 > 443)

    • IP-Mapping-8887: <external_IP_address -> FIS_IP (TCP: 12887 > 8887)

      e.g. 172.30.147.207 -> 172.30.157.19 (TCP: 12887 > 8887)

    Note

    This example uses the following:

    • External_IP_address: 172.30.147.207
    • FIS_IP: 172.30.157.19

    Settings of ip-mapping-443:

    Settings of ip-mapping-8887:

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the two virtual IPs that you created.

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type

      route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>

      For example,

      route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.48

    2. To confirm the setup, type route print.

  3. To verify that it works in a browser, browse to:

    https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com

    e.g.:

    https://172.30.147.207:12443/isolator/https://www.fortinet.com

Previous
Next

Configuring IP mapping in regular mode

Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:

  1. FortiIsolator configuration
  2. FortiGate configuration
  3. Client system configuration
FortiIsolator configuration

Use the FortiIsolator CLI to configure port forwarding mappings. Use the fis-ipmap command in the following format:

set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>

For example,

set fis-ipmap 12443 12887 172.30.147.207

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create two IPv4 virtual IPs with the following information:

    • IP-Mapping-443: <external_IP_address> -> FIS_IP (TCP: 12443 > 443)

      e.g. 172.30.147.207 -> 172.30.157.19 (TCP: 12443 > 443)

    • IP-Mapping-8887: <external_IP_address -> FIS_IP (TCP: 12887 > 8887)

      e.g. 172.30.147.207 -> 172.30.157.19 (TCP: 12887 > 8887)

    Note

    This example uses the following:

    • External_IP_address: 172.30.147.207
    • FIS_IP: 172.30.157.19

    Settings of ip-mapping-443:

    Settings of ip-mapping-8887:

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the two virtual IPs that you created.

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type

      route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>

      For example,

      route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.48

    2. To confirm the setup, type route print.

  3. To verify that it works in a browser, browse to:

    https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com

    e.g.:

    https://172.30.147.207:12443/isolator/https://www.fortinet.com

Previous
Next