Fortinet black logo

Administration Guide

Configuring port forwarding in HA mode

Copy Link
Copy Doc ID ff7385cb-a8b9-11e9-81a4-00505692583a:156719
Download PDF

Configuring port forwarding in HA mode

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create two IPv4 virtual IPs with the following information:
    • IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 14443 > 443)

    • IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 14887 > 8887)

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the two virtual IPs that you created.

FortiIsolator configuration

Use the FortiIsolator CLI to configure port forwarding mappings. Use the following commands:

  1. set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>

    For example, set fis-ipmap 12443 12887 <external_IP_address>.

  2. set fis-ipmap-vip <port_map_to_443> <port_map_to_8887> <external_IP_address>

    For example, set fis-ipmap-vip 14443 14887 <external_IP_address>.

  3. set fis-ipmap-ha <priority> <external_IP_address> <internal_IP_address:slave_1> <port_map_to_443> <port_map_to_8887>

    For example, set fis-ipmap-ha 10 <external_IP_address> 10.160.12.207 12443 12887

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type route ADD <external_IP_address> Mask 255.255.255.255 <FortiGate_IP_address>.

      For example, route –p ADD <external_IP_address> MASK 255.255.255.255 10.160.17.89.

    2. To confirm the setup, type route print.

  3. To verify that it works in a browser, browse to https://<external_IP_address>:14443/isolator/https://www.google.com.

Configuring port forwarding in HA mode

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create two IPv4 virtual IPs with the following information:
    • IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 14443 > 443)

    • IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 14887 > 8887)

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the two virtual IPs that you created.

FortiIsolator configuration

Use the FortiIsolator CLI to configure port forwarding mappings. Use the following commands:

  1. set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>

    For example, set fis-ipmap 12443 12887 <external_IP_address>.

  2. set fis-ipmap-vip <port_map_to_443> <port_map_to_8887> <external_IP_address>

    For example, set fis-ipmap-vip 14443 14887 <external_IP_address>.

  3. set fis-ipmap-ha <priority> <external_IP_address> <internal_IP_address:slave_1> <port_map_to_443> <port_map_to_8887>

    For example, set fis-ipmap-ha 10 <external_IP_address> 10.160.12.207 12443 12887

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type route ADD <external_IP_address> Mask 255.255.255.255 <FortiGate_IP_address>.

      For example, route –p ADD <external_IP_address> MASK 255.255.255.255 10.160.17.89.

    2. To confirm the setup, type route print.

  3. To verify that it works in a browser, browse to https://<external_IP_address>:14443/isolator/https://www.google.com.