Setting up IP mapping
The default IP address of the FortiIsolator management interface is 192.168.1.99. To perform the initial configuration, connect a device to the management interface and configure the device with an IP address to 192.168.1.1/24. You can access FortiIsolator using SSH or the FortiIsolator GUI. The default username is admin and there is no default password.
Use the FortiIsolator GUI or CLI to set the permanent IP address configuration.
You can perform the initial configuration using the serial console. For more information, see the FortiIsolator 1000F QuickStart Guide.
Topology
FortiIsolator supports IP mapping, which allows you to configure access to FortiIsolator through port forwarding. Port forwarding maps external IP addresses to FortiIsolator internal IP addresses. You can configure port forwarding in high availability (HA) or regular mode.
For example, if two networks, one external and one internal, connect to a FortiGate device, when IP addresses on the external network are accessed, traffic is redirected to the internal IP addresses on FortiIsolator. The configuration information in this section follows an example setup with the following values:
External IP address of router |
<external_IP_address> |
Internal IP address of FortiIsolator |
10.160.12.207 |
Router redirections |
|
Important note
Prior to GA release 2.3.1, FortiIsolator (FIS) used two ports to redirect HTTPS traffics in between web servers and FIS: port 443 and 8887.
Both ports handle network traffics for different purposes, for sending/receiving traffics from/to web servers and FortiIsolator.
In order to setup IP Mapping, FortiIsolator needs to map to both ports need from the external IP address to internal IP address of FortiIsolator's. This can be done over CLI commands only; it’s currently not available on GUI.
The CLI command for mapping ports:
set fis-ipmap <port_map_to_443> <port_map_to_8887> <external_IP_address>
Example:
set fis-ipmap 12443 12887 172.30.147.207
Since GA release 2.3.1, FortiIsolator enhanced the IP Mapping with only one port: port 443. However, using the same CLI in order to compatible with previous versions, the CLI needs to map the same port, as follows:
set fis-ipmap <port_map_to_443> <port_map_to_443> <external_IP_address>
Example:
set fis-ipmap 12443 12443 172.30.147.207