Combining source and destination NAT in the same policy (388718)
The Service field has been added to Virtual IP objects. When service and portforward are configured, only a single mapped port can be configured. However, multiple external ports can be mapped to that single internal port.
config firewall vip edit “vip1” set type load-balance
set service “HTTP-8080” “HTTP” <—– New Service field, accepts Service/Service group names
set extip 22.214.171.124-126.96.36.199 set extintf “wan1” set portforward enable set mappedip “188.8.131.52”
set mappedport 100 <——– single port end
The reason for making this configuration possible is to allow complex scenarios where multiple sources of traffic are using multiple services to connect to a single computer, while requiring a combination of source and destination NAT and not requiring numerous VIPs bundled into VIP groups.
Combining source and destination NAT in the same policy (388718) GUI
GUI NP6 Host Protection Engine (HPE) to add protection for DDoS attacks (363398)
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!