Combining source and destination NAT in the same policy (388718)

Combining source and destination NAT in the same policy (388718)

The Service field has been added to Virtual IP objects. When service and portforward are configured, only a single mapped port can be configured. However, multiple external ports can be mapped to that single internal port.

config firewall vip edit “vip1” set type load-balance

set service “HTTP-8080” “HTTP” <—– New Service field, accepts Service/Service group names

set extip 20.0.0.0-20.0.255.255 set extintf “wan1” set portforward enable set mappedip “30.0.0.1”

set mappedport 100 <——– single port end

The reason for making this configuration possible is to allow complex scenarios where multiple sources of traffic are using multiple services to connect to a single computer, while requiring a combination of source and destination NAT and not requiring numerous VIPs bundled into VIP groups.

Combining source and destination NAT in the same policy (388718)                                                                    GUI

GUI                                                   NP6 Host Protection Engine (HPE) to add protection for DDoS attacks (363398)


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website