Reaching an internal server using automatic hairpin

On the FortiGate, this sends requests that come from the inside and target the public IP address assigned to the external interface back to the internal server.

1. Configure a VIP mapping WAN interface to the remote site’s IP address.

config firewall vip
edit "PublicServer"
set extip [public_ip-address]
set extintf "wan1"
set portforward enable
set mappedip "[server_ip-address]"
set extport [service_port]
set mappedport [service_port]
next
end

2. Configure an IPv4 policy from Internal to WAN redirecting traffic over this port using the VIP.

config firewall policy
edit [policy_ID]
set srcintf "Internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "PublicServer"
set action accept
set schedule "always"
set service "[service]"
set nat enable
next
end

3. Configure a policy route to force all traffic meant for that service back to the server.

config router policy
edit 1
set input-device "Internal"
set src "[server_ip-address]/255.255.255.255"
set dst "[server_ip-address]/255.255.255.255"
set protocol 6
set start-port [service_port]
set end-port [service_port]
set gateway [wan1_DG]
set output-device "Internal"
next
end
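
The three steps only work together if the policy's dstaddr names the VIP and a policy route covers the VIP's external port. As an added example (not part of the original post and not Fortinet tooling), this Python script parses a flat config/edit/set export like the snippets above and reports mismatches, and also flags VIP policies whose srcaddr is still all. The function names, the policy ID 10 and port 443 in the sample are assumptions; nested config blocks are not handled.

```python
import shlex

def parse(text):
    """Parse flat FortiOS config/edit/set text into {section: {entry: {key: value}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        w = shlex.split(line)  # strips the double quotes around values
        if w[:1] == ["config"]:
            section = cfg.setdefault(" ".join(w[1:]), {})
        elif w[:1] == ["edit"]:
            entry = section.setdefault(w[1], {})
        elif w[:1] == ["set"]:
            entry[w[1]] = " ".join(w[2:])
    return cfg

def audit(cfg):
    """Check each VIP policy against the policy routes (routes without ports never match)."""
    findings = []
    vips = cfg.get("firewall vip", {})
    routes = cfg.get("router policy", {}).values()
    for pid, pol in cfg.get("firewall policy", {}).items():
        vip = vips.get(pol.get("dstaddr"))
        if vip is None:
            continue  # dstaddr is not a VIP, so this is not a hairpin policy
        port = int(vip["extport"])
        if not any(int(r.get("start-port", -1)) <= port <= int(r.get("end-port", -1)) for r in routes):
            findings.append(f"policy {pid}: no policy route covers port {port}")
        if pol.get("srcaddr") == "all":
            findings.append(f"policy {pid}: srcaddr is all")
    return findings

# Constructed sample, trimmed to the keys the audit reads; values are placeholders.
SAMPLE = """config firewall vip
edit "PublicServer"
set extport 443
next
end
config firewall policy
edit 10
set srcaddr "all"
set dstaddr "PublicServer"
next
end
config router policy
edit 1
set start-port 443
set end-port 443
next
end"""
print("\n".join(audit(parse(SAMPLE))))
```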
