Using port forwarding on a FortiGate unit

This example illustrates how to use virtual IPs to configure port forwarding on a
FortiGate unit, which redirects traffic from one port to another. In this example,
incoming connections from the Internet are allowed access to a server on the
internal network by opening TCP ports in the range 7882 to 7999 and UDP ports
2119 and 2995.
1. Creating three virtual IPs
2. Adding the virtual IPs to a VIP group
3. Creating a security policy
4. Results
[Figure: the Internet connects through the FortiGate to the Server. TCP ports
7882-7999 and UDP ports 2119 and 2995 are open for traffic from the Internet to
the server.]
Creating three virtual IPs
Go to Firewall Objects > Virtual IPs >
Virtual IPs.
Enable Port Forwarding and add a virtual
IP using TCP protocol with the range 7882-7999.
Create a second virtual IP for the UDP port
2119.
Create a third virtual IP for the UDP port
2995.
Adding virtual IPs to a VIP group
Go to Firewall Objects > Virtual IPs > VIP
Groups.
Create a VIP group that includes all three
virtual IPs.
Creating a security policy
Go to Policy > Policy > Policy.
Create a security policy allowing inbound
connections to the server from the Internet.
Set the Destination Address as the new
VIP group.
Results
Go to Policy > Monitor > Policy Monitor
to see the active sessions.
Select the blue bar for more information on a
session.
Go to Log & Report > Traffic Log >
Forward Traffic to see the logged activity.
Select an entry for more information about
the session.
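A check that complements the Results step, as an added example (not part of the original page or the vendor's documentation): it reads key=value traffic log lines and reports accepted sessions to the forwarded address that fall outside TCP 7882-7999 and UDP 2119 and 2995. The log lines are constructed samples, and the field names (srcip, dstip, dstport, proto, action) and the address 203.0.113.10 are assumptions that may differ on your FortiOS version.

```python
import shlex

# Exposure the page's example intends: TCP 7882-7999, UDP 2119 and UDP 2995.
# Keys are IP protocol numbers (6 = TCP, 17 = UDP).
INTENDED = {6: [range(7882, 8000)], 17: [range(2119, 2120), range(2995, 2996)]}

# Constructed sample log lines (not real device output); field names are assumed.
SAMPLE_LOG = '''
date=2024-01-01 time=10:00:01 type=traffic subtype=forward srcintf="wan1" srcip=198.51.100.7 dstip=203.0.113.10 dstport=7900 proto=6 action=accept
date=2024-01-01 time=10:00:02 type=traffic subtype=forward srcip=198.51.100.8 dstip=203.0.113.10 dstport=2119 proto=17 action=accept
date=2024-01-01 time=10:00:03 type=traffic subtype=forward srcip=198.51.100.9 dstip=203.0.113.10 dstport=8000 proto=6 action=accept
date=2024-01-01 time=10:00:04 type=traffic subtype=forward srcip=198.51.100.12 dstip=203.0.113.10 dstport=7882 proto=17 action=accept
date=2024-01-01 time=10:00:05 type=traffic subtype=forward srcip=198.51.100.13 dstip=203.0.113.10 dstport=22 proto=6 action=deny
date=2024-01-01 time=10:00:06 type=traffic subtype=forward srcip=198.51.100.14 dstip=203.0.113.11 dstport=443 proto=6 action=accept
'''

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def is_intended(proto, port):
    """True if (protocol, port) is one of the forwards the page sets up."""
    return any(port in ports for ports in INTENDED.get(proto, []))

def unexpected_sessions(log_text, dst_ip):
    """Return (srcip, proto, dstport) for accepted sessions to dst_ip that
    fall outside the intended port forwards."""
    findings = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("action") != "accept" or f.get("dstip") != dst_ip:
            continue
        try:
            proto, port = int(f["proto"]), int(f["dstport"])
        except (KeyError, ValueError):
            proto, port = f.get("proto"), None  # unclassifiable: report it
        if port is None or not is_intended(proto, port):
            findings.append((f.get("srcip"), proto, port))
    return findings

if __name__ == "__main__":
    for src, proto, port in unexpected_sessions(SAMPLE_LOG, "203.0.113.10"):
        print(f"unexpected accept: {src} -> proto {proto} port {port}")
```

Any finding means the security policy or a virtual IP admits more than the three forwards described above, for example a TCP range that runs one port too far or a UDP virtual IP created with the TCP port numbers.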