Administration Guide

Configuring the VIP to access the remote servers

VIPs, interface IP addresses, and policies are created on the cloud FortiGate-VM to allow access to the remote servers.

To configure additional private IPs on AWS for the FortiGate VIP:
  1. On the FortiGate EC2 instance, edit the Elastic Network Interface that corresponds to port2. In this example, that is Network Interface eth1.

  2. Go to Actions > Manage IP Addresses.

  3. Add two private IP addresses in the 10.0.2.0/24 subnet.

    These addresses will be used in the VIPs on the FortiGate. Assigning them to the network interface ensures that AWS routes traffic for these IP addresses to the FortiGate.

  4. Click Yes, Update.

To configure VIPs on the cloud FortiGate-VM:
  1. Go to Policy & Objects > Virtual IPs and select the Virtual IP tab.

  2. Click Create new.

  3. Configure the following:

    | Field | Value |
    |---|---|
    | Name | VIP-HTTP |
    | Interface | port2 |
    | External IP address/range | 10.0.2.20 |
    | Map to IPv4 address/range | 10.0.3.33 |

  4. Click OK.

  5. Create a second VIP for the FTP server with the following settings:

    | Field | Value |
    |---|---|
    | Name | VIP-FTP |
    | Interface | port2 |
    | External IP address/range | 10.0.2.21 |
    | Map to IPv4 address/range | 10.0.3.44 |

To configure firewall policies to allow traffic from port2 to port3:
  1. Go to Policy & Objects > Firewall Policy and click Create New.

  2. Configure the following:

    | Field | Value |
    |---|---|
    | Name | To-WebServer |
    | Incoming Interface | port2 |
    | Outgoing Interface | port3 |
    | Source | all |
    | Destination | VIP-HTTP |
    | Schedule | always |
    | Service | ALL |
    | Action | ACCEPT |
    | NAT | Enabled |

  3. Configure the remaining settings as required.

  4. Click OK.

  5. Create a second policy for the FTP VIP with the following settings:

    | Field | Value |
    |---|---|
    | Name | To-FTP |
    | Incoming Interface | port2 |
    | Outgoing Interface | port3 |
    | Source | all |
    | Destination | VIP-FTP |
    | Schedule | always |
    | Service | ALL |
    | Action | ACCEPT |
    | NAT | Enabled |

  6. Click OK.
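
The following Python check is an added example, not part of the Fortinet guide: it parses the CLI form of the VIPs and policies above and reports every accept policy that publishes a VIP with Source all and Service ALL, so that each policy can be narrowed to the service its server actually offers. The policy IDs and the narrowed To-FTP variant are constructed, and the parser assumes flat config/edit/set blocks without nested config sections.

```python
import shlex

# Constructed sample. Policy 2 is a hypothetical To-FTP variant with Service narrowed to FTP.
SAMPLE = '''config firewall vip
    edit "VIP-HTTP"
        set mappedip "10.0.3.33"
    next
    edit "VIP-FTP"
        set mappedip "10.0.3.44"
    next
end
config firewall policy
    edit 1
        set name "To-WebServer"
        set srcaddr "all"
        set dstaddr "VIP-HTTP"
        set action accept
        set service "ALL"
    next
    edit 2
        set name "To-FTP"
        set srcaddr "all"
        set dstaddr "VIP-FTP"
        set action accept
        set service "FTP"
    next
end
'''

def parse(text):
    """Flat config/edit/set blocks -> {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section = tree.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return tree

def broad_vip_policies(text):
    """(policy, VIP, mapped IP) for accept policies to a VIP with Source all, Service ALL."""
    cfg = parse(text)
    vips = cfg.get("firewall vip", {})
    return [(p["name"][0], d, vips[d]["mappedip"][0])
            for p in cfg.get("firewall policy", {}).values()
            for d in p.get("dstaddr", []) if d in vips
            if p.get("action") == ["accept"]
            and "all" in p.get("srcaddr", []) and "ALL" in p.get("service", [])]
```

Calling `broad_vip_policies(SAMPLE)` reports only To-WebServer; with both policies set to Service ALL as in the procedure above, both are reported.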
