Otomatik hairpin kullanarak içerdeki sunucuya ulaşmak

FortiGate İçden gelen ve dış arabirimine atanan genel IP adresine sunucunun sorguları gönderme işlemi.

1. Configure a VIP mapping WAN interface to the remote site’s IP address.

config firewall vip
edit “PublicServer”
set extip [public_ip-address]
set extintf “wan1″
set portforward enable
set mappedip “[server_ip-address]”
set extport [service_port]
set mappedport [service_port]
next
end

2. Configure an IPv4 policy from Internal to WAN redirecting traffic over this port using the VIP.

config firewall policy
edit [policy_ID]
set srcintf “Internal”
set dstintf “wan1″
set srcaddr “all”
set dstaddr “PublicServer”
set action accept
set schedule “always”
set service “[service]”
set nat enable
next
end

3. Configure a policy route to force all traffic meant for that service back to the server.

config router policy
edit 1
set input-device “Internal”
set src “[server_ip-address]/255.255.255.255″
set dst “[server_ip-address]/255.255.255.255″
set protocol 6
set start-port [service_port]
set end-port [service_port]
set gateway [wan1_DG]
set output-device “Internal”
next
end

1,594 total views, 1 views today

Bir Cevap Yazın

E-posta hesabınız yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir

Şu HTML etiketlerini ve özelliklerini kullanabilirsiniz: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>