Configuring IP mapping in regular mode
Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:
- FortiIsolator configuration
- FortiGate configuration
- Client system configuration
FortiIsolator configuration
In the FortiIsolator CLI, configure port forwarding mappings using the fis-ipmap
command in the following format:
set fis-ipmap <port_map_to_443> <external_IP_address>
For example,
set fis-ipmap 12443 172.30.147.207
FortiGate configuration
Complete the following steps in the FortiGate UI.
- Go to Policy & Objects > Virtual IPs.
- Create an IPv4 virtual IP with the following information:
IP-Mapping-443: <external_IP_address> -> FIS_IP (TCP: 12443 > 443)
For example, 172.30.147.207 -> 172.30.157.148 (TCP: 12443 > 443)
This example uses the following:
- External_IP_address: 172.30.147.207
- FIS_IP: 172.30.157.148
Settings of ip-mapping-443:
- Go to Policy & Objects > IPv4 Policy > Create New.
- Create an IPv4 policy that includes the virtual IP (443) that you created.
Client system configuration
Complete the following steps on the client system (for example, Windows 10).
- In Windows 10, launch CMD as administrator.
- Use the following commands to add the FortiGate IP address to the routing table on the client system:
- At the command prompt, type
route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>
For example,
route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.90
- To confirm the setup, type
route print
.
- At the command prompt, type
- Check the Client IPv4 setting. Make sure default gateway is the FortiGate IP.
- Configure your browser by following the steps in IP Forwarding mode, depending on your browser type.
- Verify that it works by browsing to the following address:
https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com
e.g.:
https://172.30.147.207:12443/isolator/https://www.fortinet.com