Home > Developer Tools > Technical Articles

FortiOS 6.0 Getting Started: Port forwarding

Source: Internet
Author: User
Keywords FortiOS 6.0 Port forwarding
Tags port forwarding getting started forticloud fortios fortios 6.0
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

In this recipe, you configure port forwarding to open specific ports and allow connections from the Internet to reach a server located behind the FortiGate. This allows Internet users to reach the server through the FortiGate without knowing the server’s internal IP address. Users can also connect using only the ports that you choose.

1. Creating three virtual IP addresses

In this example, you open TCP ports 8096 (HTTP), 21 (FTP), and 22 (SSH) for remote users to communicate with the server behind the firewall. The external IP address of the server is 172.25.176.60, which is mapped to the internal IP address 192.168.70.10.

To create a virtual IP (VIP) address for port 8096, go to Policy & Objects > Virtual IPs and create a new virtual IP address.

Set External IP Address/Range to 172.25.176.60 and set Mapped IP Address/Range to 192.168.65.10.

Enable Port Forwarding. Set Protocol to TCP, set External Service Port to 8096, and set Map to Port to 8096.

Create a second VIP address for port 21. Set both External Service Port and Map to Port to 21.

Create a third VIP address for port 22. Set both External Service Port and Map to Port to 22.

2. Adding the virtual IP addresses to a VIP group

To add the new virtual IP addresses to a virtual IP group, go to Policy & Objects > Virtual IPs and create a new group.

Set the new virtual IP addresses as Members of the group.

3. Creating a security policy

To allow Internet users to reach the server, go to Policy & Objects > IPv4 Policy and create a new policy.

Set Incoming Interface to your Internet-facing interface, Outgoing Interface to the interface connected to the server, and Destination Address to the VIP group (webserver group).*

NAT is disabled for this policy so that the server sees the original source addresses of the packets it receives. This is the preferred setting for a number of reasons. For example, the server logs are more meaningful if they record the actual source addresses of your users.

4. Results

To ensure that TCP port 8096 is open, browse to http://172.25.176.60:8096.

Next, ensure that TCP port 21 is open by using an FTP client to connect to the FTP server from a remote connection on the other side of the firewall.

Finally, ensure that TCP port 22 is open by connecting to the SSH server from a remote connection on the other side of the firewall.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
started getting getting started with docker aws ec2 getting started getting started mysql getting started with apache getting started with chef apache hadoop getting started
Related Article
What is SFTP Commands Linux_the Introduction
How to Configure CentOS 7.4 SFTP Server
Build an SFTP Server Using CentOS Built-in SSH Service
Configure Linux SFTP and Configure User Access
How to Easily Configure SFTP Server Linux In 6 Steps
Automatic Upload and Download of SFTP Files_Shell Script

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Hot Article
Hot Tags
computing conference access forum computer class data get http html applications
Popular Keywords
html add blank space register business logo register ssl certificate full site sign in sign up node js build cloud register register a subdomain in python network management system tutorial how to learn computer science by myself

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More