Virtual IP groups Just like other address, Virtual IP addresses can be organized into groups for ease of administration. If you have multiple virtual IPs that are likely to be associated to common firewall policies rather than add them individually to each of the policies you can add the instead. That way, if the members […]
Dynamic VIP according to DNS translation When a dynamic virtual IP is used in a policy, the dynamic DNS translation table is installed along with the dynamic NAT translation table into the kernel. All matched DNS responses will be translated and recorded regardless if they hit the policy. When a client request hits the policy, […]
FQDN in VIPs Instead of mapping to an IP address a VIP can use a FQDN(Fully Qualified Domain Name). This has to be configured in the CLI and the FQDN must be an address object that is already configured in the address listing. The syntax for using a FQDN is: config firewall vip edit <VIP […]
Creating a virtual IP Go to Policy & Objects > Virtual IPs. Select Create New. A drop down menu is displayed. Select Virtual IP. From the VIP Type options, choose an applicable type based on the IP addressing involved. Which is chosen will depend on which of the IP version networks is on the external […]
Virtual IPs The mapping of a specific IP address to another specific IP address is usually referred to as Destination NAT. When the Central NAT Table is not being used, FortiOS calls this a Virtual IP Address, sometimes referred to as a VIP. FortiOS uses a DNAT or Virtual IP address to map an External […]
Creating an address group Go to Policy & Objects > Addresses. Select the down arrow next to Create New, select Address Group. Choose the Category, that is applicable to the proposed selection of addresses. Input a Group Name for the address object. Depending on which Category has been chosen the configurations will differ slightly IPv4 […]
Address groups Address groups are designed for ease of use in the administration of the device. If you have a number of addresses or address ranges that will commonly be treated the same or require the same security policies, you can put them into address groups, rather than entering multiple individual addresses in each policy […]
Hey Guys, check out Fortinet presenting on Tech Field Day Live (quick search on facebook will find the stream). Outside of the one guy needing to invest in an iron the content is pretty good.