Fortinet white logo
Fortinet white logo

Administration Guide

Setting up IP mapping

Setting up IP mapping

The default IP address of the FortiIsolator management interface is 192.168.1.99. To perform the initial configuration, connect a device to the management interface and configure the device with an IP address to 192.168.1.1/24. You can access FortiIsolator using SSH or the FortiIsolator GUI. The default username is admin and there is no default password.

Use the FortiIsolator GUI or CLI to set the permanent IP address configuration.

You can perform the initial configuration using the serial console. For more information, see the FortiIsolator 1000F QuickStart Guide.

Topology

FortiIsolator supports IP mapping, which allows you to configure access to FortiIsolator through port forwarding. Port forwarding maps external IP addresses to FortiIsolator internal IP addresses. You can configure port forwarding in high availability (HA) or regular mode.

For example, if two networks, one external and one internal, connect to a FortiGate device, when IP addresses on the external network are accessed, traffic is redirected to the internal IP addresses on FortiIsolator. The configuration information in this section follows an example setup with the following values:

External IP address of router

<external_IP_address>

Internal IP address of FortiIsolator

10.160.12.207

Router redirections

  • <external_IP_address>:12443 > 10.160.12.207:443
  • <external_IP_address>:12887 > 10.160.12.207:8887

Important note

Prior to GA release 2.3.1, FortiIsolator (FIS) used two ports to redirect HTTPS traffics in between web servers and FIS: port 443 and 8887.

Both ports handle network traffics for different purposes, for sending/receiving traffics from/to web servers and FortiIsolator.

In order to setup IP Mapping, FortiIsolator needs to map to both ports need from the external IP address to internal IP address of FortiIsolator's. This can be done over CLI commands only; it’s currently not available on GUI.

The CLI command for mapping ports:

set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>

Example:

set fis-ipmap 12443 12887 172.30.147.207

Since GA release 2.3.1, FortiIsolator enhanced the IP Mapping with only one port: port 443. However, using the same CLI in order to compatible with previous versions, the CLI needs to map the same port, as follows:

set fis-ipmap <port_map_to_443> <port_map_to_443> <external_IP_address>

Example:

set fis-ipmap 12443 12443 172.30.147.207

Setting up IP mapping

Setting up IP mapping

The default IP address of the FortiIsolator management interface is 192.168.1.99. To perform the initial configuration, connect a device to the management interface and configure the device with an IP address to 192.168.1.1/24. You can access FortiIsolator using SSH or the FortiIsolator GUI. The default username is admin and there is no default password.

Use the FortiIsolator GUI or CLI to set the permanent IP address configuration.

You can perform the initial configuration using the serial console. For more information, see the FortiIsolator 1000F QuickStart Guide.

Topology

FortiIsolator supports IP mapping, which allows you to configure access to FortiIsolator through port forwarding. Port forwarding maps external IP addresses to FortiIsolator internal IP addresses. You can configure port forwarding in high availability (HA) or regular mode.

For example, if two networks, one external and one internal, connect to a FortiGate device, when IP addresses on the external network are accessed, traffic is redirected to the internal IP addresses on FortiIsolator. The configuration information in this section follows an example setup with the following values:

External IP address of router

<external_IP_address>

Internal IP address of FortiIsolator

10.160.12.207

Router redirections

  • <external_IP_address>:12443 > 10.160.12.207:443
  • <external_IP_address>:12887 > 10.160.12.207:8887

Important note

Prior to GA release 2.3.1, FortiIsolator (FIS) used two ports to redirect HTTPS traffics in between web servers and FIS: port 443 and 8887.

Both ports handle network traffics for different purposes, for sending/receiving traffics from/to web servers and FortiIsolator.

In order to setup IP Mapping, FortiIsolator needs to map to both ports need from the external IP address to internal IP address of FortiIsolator's. This can be done over CLI commands only; it’s currently not available on GUI.

The CLI command for mapping ports:

set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>

Example:

set fis-ipmap 12443 12887 172.30.147.207

Since GA release 2.3.1, FortiIsolator enhanced the IP Mapping with only one port: port 443. However, using the same CLI in order to compatible with previous versions, the CLI needs to map the same port, as follows:

set fis-ipmap <port_map_to_443> <port_map_to_443> <external_IP_address>

Example:

set fis-ipmap 12443 12443 172.30.147.207