How to push your internal web server out to the internet using destination NAT and map it to a domain name on a Fortinet firewall, and what to do if you have another router in your path that requires PAT to traverse.
Version 6.4.8, but similar in later versions, especially the CLI commands.
Contents:
Notes missed out:
This is an example and boilerplate setup. You must add additional security measures per use case.
Name policies according to a naming convention for ease and neatness.
Think about denying unnecessary services and IP addresses.
DMZ interfaces are a good idea for web servers that attract unwanted attention: they keep those servers separate from your private network, with strict policies between the two, if any. Any back-end communication to web servers should follow a multi-tier architecture with segmentation to provide the most security.
Log your policies to investigate issues or suspicious IPs (check Abuse website).
The rest of the steps are in the video.
Here's the CLI config:
config firewall vip
    edit "Your chosen VIP name here"
        # Your WAN interface's address, no quotes.
        set extip 0.0.0.0
        # Set as any or your WAN interface.
        set extintf "any"
        # Your internal server IP, in quotes.
        set mappedip "0.0.0.0"
    next
end
config firewall policy
    edit 8
        # Can be the same as the VIP name above.
        set name "Your Chosen Policy Name"
        # Incoming interface: your WAN interface (internet traffic enters here).
        set srcintf "port1"
        # Outgoing interface: your server's gateway interface.
        set dstintf "port2"
        # Set the allowed "public" IPs that may access this server.
        set srcaddr "all"
        # Same as the name declared in the VIP.
        set dstaddr "EnterVipname"
        # Declares this as an allow policy.
        set action accept
        # Can schedule times for access to the server.
        set schedule "always"
        # Can be narrowed to HTTP only, etc.
        set service "ALL"
        # Enables source NAT on this policy (the VIP itself does the destination NAT).
        set nat enable
    next
end
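A tightened variant of the config above, following the notes on limiting services and source IPs and on logging. This is an added example, not the author's config from the video; the object names and all addresses (documentation ranges) are constructed placeholders, and port1/port2 are assumed to be the WAN and server-side interfaces.

```fortios
# Constructed example: replace names, interfaces and addresses with your own.
config firewall address
    edit "Allowed-Web-Clients"
        # Public range permitted to reach the server (placeholder range).
        set subnet 198.51.100.0 255.255.255.0
    next
end
config firewall vip
    edit "WebServer-HTTPS"
        # Placeholder WAN address.
        set extip 203.0.113.10
        # Bind the VIP to the WAN interface instead of "any".
        set extintf "port1"
        # Forward only TCP 443 rather than mapping every port one-to-one.
        set portforward enable
        set protocol tcp
        set extport 443
        # Placeholder internal (DMZ) server address.
        set mappedip "10.10.10.10"
        set mappedport 443
    next
end
config firewall policy
    edit 8
        set name "WAN-to-WebServer-HTTPS"
        set srcintf "port1"
        set dstintf "port2"
        # Restrict sources instead of "all".
        set srcaddr "Allowed-Web-Clients"
        set dstaddr "WebServer-HTTPS"
        set action accept
        set schedule "always"
        # Restrict the service instead of "ALL".
        set service "HTTPS"
        # Log every session so suspicious source IPs can be investigated.
        set logtraffic all
        # Source NAT ("set nat enable") is left out so the web server logs the
        # real client address; add it back if your return path requires it.
    next
end
```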
Check out my new channel, the ocean hacker: [ Link ]