Combining source and destination NAT in the same policy (388718)

The Service field has been added to Virtual IP objects. When service and portforward are configured, only a single mapped port can be configured. However, multiple external ports can be mapped to that single internal port.

config firewall vip
    edit "vip1"
        set type load-balance
        set service "HTTP-8080" "HTTP"    <-- New Service field, accepts Service/Service group names
        set extip 20.0.0.0-20.0.255.255
        set extintf "wan1"
        set portforward enable
        set mappedip "30.0.0.1"
        set mappedport 100    <-- single port
    end

The reason for making this configuration possible is to allow complex scenarios where multiple sources of traffic are using multiple services to connect to a single computer, while requiring a combination of source and destination NAT and not requiring numerous VIPs bundled into VIP groups.
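The rule described above (several external service ports, one mapped port) can be checked offline against an exported VIP block before it is pushed to a device. The following Python is an added example, not FortiOS or Fortinet code: the service-to-port table, the function names and the simplified matching model are assumptions, and the sample block is constructed from the configuration on this page.

```python
import ipaddress
import shlex

# Assumed service-name -> TCP port table (constructed; on a FortiGate these
# definitions live under "config firewall service custom").
SERVICES = {"HTTP": 80, "HTTP-8080": 8080}

# Constructed sample mirroring the VIP shown on this page.
SAMPLE = '''
config firewall vip
    edit "vip1"
        set type load-balance
        set service "HTTP-8080" "HTTP"
        set extip 20.0.0.0-20.0.255.255
        set extintf "wan1"
        set portforward enable
        set mappedip "30.0.0.1"
        set mappedport 100
end
'''

def parse_vip(text):
    """Collect the 'set <key> <values...>' lines of one VIP into a dict of lists."""
    vip = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "set":
            vip[tok[1]] = tok[2:]
    return vip

def lint(vip):
    """Return findings for the service + portforward rule described above."""
    findings = []
    if "service" in vip and vip.get("portforward") == ["enable"]:
        mp = vip.get("mappedport", [])
        if len(mp) != 1 or not mp[0].isdigit():
            findings.append("mappedport must be a single port when service is set")
    findings += [f"unknown service {s}" for s in vip.get("service", []) if s not in SERVICES]
    return findings

def translate(vip, dst_ip, dst_port):
    """Simplified model: return (mappedip, mappedport) if the VIP matches, else None."""
    lo, _, hi = vip["extip"][0].partition("-")
    ip = ipaddress.ip_address(dst_ip)
    in_range = ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi or lo)
    ports = {SERVICES[s] for s in vip.get("service", []) if s in SERVICES}
    if in_range and dst_port in ports:
        return vip["mappedip"][0], int(vip["mappedport"][0])
    return None
```

Running `translate` over the external range makes the exposure explicit: every address in 20.0.0.0-20.0.255.255 on either listed service port lands on the same internal host and port, which is worth reviewing when auditing such a VIP.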

This entry was posted in FortiOS 5.6.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
