Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiIsolator 2.2.0 Administration Guide
    2.2.0
    2.4.5
    2.4.4
    2.4.3
    2.4.2
    2.4.1
    2.4.0
    2.3.4
    2.3.1
    2.3.0
    2.2.0
    2.1.2
    2.1.1
    2.1.0
    2.0.1
    2.0.0
    1.2.2
    1.2.1
    1.2.0
    1.1.0

    Configuring IP Mapping in regular mode

    Configuring IP Mapping in regular mode

    Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:

    1. FortiIsolator configuration
    2. FortiGate configuration
    3. Client system configuration
    FortiIsolator configuration

    Use the FortiIsolator CLI to configure port forwarding mappings. Use the fis-ipmap command in the following format:

    set fis-ipmap <external_port> <internal_port> <external_IP_address>

    For example,

    • set fis-ipmap 18443 18887 172.30.147.207

    FortiGate configuration

    Complete the following steps in the FortiGate UI.

    1. Go to Policy & Objects > Virtual IPs.
    2. Create two IPv4 virtual IPs with the following information:

      • IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 12443 > 443)

        e.g. 172.30.147.207 -> FIS_IP (TCP: 18443 > 443)

      • IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 12887 > 8887)

        e.g. 172.30.147.207 -> 172.30.157.18 (TCP: 18887 > 8887)

      Note

      This example uses the following:

      • External_IP_address: 172.30.147.207
      • FIS_IP: 172.30.157.18

      Settings of ip-mapping-443:

      Settings of ip-mapping-8887:

    3. Go to Policy & Objects > IPv4 Policy > Create New.
    4. Create an IPv4 policy that includes the two virtual IPs that you created.

    Client system configuration

    Complete the following steps on the client system (for example, Windows 10).

    1. In Windows 10, launch CMD as administrator.

    2. Use the following commands to add the FortiGate IP address to the routing table on the client system:

      1. At the command prompt, type

        route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>

        For example,

        route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.48

      2. To confirm the setup, type route print.

    3. To verify that it works in a browser, browse to:

      https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com

      e.g.: https://172.30.147.207:18443/isolator/https://www.fortinet.com

    Previous
    Next

    Configuring IP Mapping in regular mode

    Configuring IP Mapping in regular mode

    Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:

    1. FortiIsolator configuration
    2. FortiGate configuration
    3. Client system configuration
    FortiIsolator configuration

    Use the FortiIsolator CLI to configure port forwarding mappings. Use the fis-ipmap command in the following format:

    set fis-ipmap <external_port> <internal_port> <external_IP_address>

    For example,

    • set fis-ipmap 18443 18887 172.30.147.207

    FortiGate configuration

    Complete the following steps in the FortiGate UI.

    1. Go to Policy & Objects > Virtual IPs.
    2. Create two IPv4 virtual IPs with the following information:

      • IP-Mapping-443: <external_IP_address> > 10.160.12.207 (TCP: 12443 > 443)

        e.g. 172.30.147.207 -> FIS_IP (TCP: 18443 > 443)

      • IP-Mapping-8887: <external_IP_address> > 10.160.12.207 (TCP: 12887 > 8887)

        e.g. 172.30.147.207 -> 172.30.157.18 (TCP: 18887 > 8887)

      Note

      This example uses the following:

      • External_IP_address: 172.30.147.207
      • FIS_IP: 172.30.157.18

      Settings of ip-mapping-443:

      Settings of ip-mapping-8887:

    3. Go to Policy & Objects > IPv4 Policy > Create New.
    4. Create an IPv4 policy that includes the two virtual IPs that you created.

    Client system configuration

    Complete the following steps on the client system (for example, Windows 10).

    1. In Windows 10, launch CMD as administrator.

    2. Use the following commands to add the FortiGate IP address to the routing table on the client system:

      1. At the command prompt, type

        route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>

        For example,

        route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.48

      2. To confirm the setup, type route print.

    3. To verify that it works in a browser, browse to:

      https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com

      e.g.: https://172.30.147.207:18443/isolator/https://www.fortinet.com

    Previous
    Next