Set Up FortiGate Port Forwarding In A Matter Of Minutes: Here’s How
All devices on your home network share the IP given to you by your Internet Service Provider. This IP is usually configured on your router. By giving other devices access to your router through port forwarding, the firewall, which is the security feature in your router, seizes to block these incoming connections. Thus, your router will take instructions and forward specific requests from the internet to the specified destinations comprising the devices connected on your IP. Port Forwarding your FortiGate comprises the creation of a virtual IP address and firewall policy. We give you a step by step guide on howto set up FortiGate port forwarding.
Things You’ll Need Beforehand
- FortiGate units
- FortiOS 5.0, 5.2, and 5.4
Create A Virtual IP Address
To add a virtual IP address, follow the steps below:
- In FortiOS 5.0, click Firewall Objects, then Virtual IPs; in 5.2, Click Policy and Objects, select Objects then Virtual IPs, and in 5.4, Click Policy and Objects then Virtual IPs.
- Select Create New and add a name for the Virtual IP object.
- Select the External Interface, which will connect your Fortigate to the Internet.
- Enter the External IP address
- Enter the Mapped IP address to the Windows Server PC internal IP address
- Check the Port Forwarding checkbox.
- In the Protocol field, set the appropriate protocol. In this case, the protocol should be TCP.
- Set the External Service Port
- In the Map to Port field, enter the internal port to which the external port requests will be routed.
- Click the OK tab.
Add a Firewall Policy With a Virtual IP
Once you have set the virtual IP, you need to define a firewall policy that accepts traffic from the internet and forwards it to your internal Windows PC server as follows:
- In FortiOS 5.0, select Policy; in 5.2, choose Policy and Objects, Policy then IPv4 and 5.4, select Policy and Objects then IPv4 policy.
- Select the Create New tab
- Set Source Interface to your Internet interface
- Now, set the Destination Interface to Internal
- Set the Source Address to All
- Now, rename the Destination name to the name of the virtual IP.
- Select the appropriate protocol in the Service Field that is HTTP or HTTPS.
- Now, select Accept in the Action field.
- Select OK to apply the above settings.