Fortinet FortiGate 4000 User Manual
Page 216
216
Fortinet Inc.
Virtual IPs
Firewall configuration
6
Enter the External IP Address that you want to map to an address on the destination
zone.
You can set the external IP address to the IP address of the external interface
selected in step
4
or to any other address.
If the IP address of the external interface selected in step
4
is set using PPPoE or
DHCP, you can enter 0.0.0.0 for the External IP Address. The FortiGate unit
substitutes the IP address set for this external interface using PPPoE or DHCP.
For example, if the virtual IP provides access from the Internet to a server on your
internal network, the external IP address must be a static IP address obtained from
your ISP for this server. This address must be a unique address that is not used by
another host. However, this address must be routed to the external interface selected
in step
4
. The virtual IP address and the external IP address can be on different
subnets.
7
Enter the External Service Port number that you want to configure port forwarding for.
The external service port number must match the destination port of the packets to be
forwarded. For example, if the virtual IP provides access from the Internet to a web
server, the external service port number is 80 (the HTTP port).
8
In Map to IP, enter the real IP address on the destination network.
For example, the real IP address could be the IP address of a web server on an
internal network.
9
In Map to Port, enter the port number to be added to packets when they are
forwarded.
If you do not want to translate the port, enter the same number as the External Service
Port.
If you want to translate the port, enter the port number to which to translate the
destination port of the packets when they are forwarded by the firewall.
10
Select the protocol (TCP or UDP) that you want the forwarded packets to use.
11
Select OK to save the port forwarding virtual IP.