Fortinet black logo

Administration Guide

Home FortiIsolator 2.4.1 Administration Guide
2.4.1
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.4
2.3.1
2.3.0
2.2.0
2.1.2
2.1.1
2.1.0
2.0.1
2.0.0
1.2.2
1.2.1
1.2.0
1.1.0

Configuring IP mapping in regular mode

Configuring IP mapping in regular mode

Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:

  1. FortiIsolator configuration
  2. FortiGate configuration
  3. Client system configuration
FortiIsolator configuration

In the FortiIsolator CLI, configure port forwarding mappings using the fis-ipmap command in the following format:

set fis-ipmap <port_map_to_443> <external_IP_address>

For example,

set fis-ipmap 12443 172.30.147.207

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create an IPv4 virtual IP with the following information:

    • IP-Mapping-443: <external_IP_address> -> FIS_IP (TCP: 12443 > 443)

      For example, 172.30.147.207 -> 172.30.157.148 (TCP: 12443 > 443)

    Note

    This example uses the following:

    • External_IP_address: 172.30.147.207
    • FIS_IP: 172.30.157.148

    Settings of ip-mapping-443:

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the virtual IP (443) that you created.

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type

      route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>

      For example,

      route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.90

    2. To confirm the setup, type route print.

  3. Check the Client IPv4 setting. Make sure default gateway is the FortiGate IP.

  4. Configure your browser by following the steps in IP Forwarding mode, depending on your browser type.
  5. Verify that it works by browsing to the following address:

    https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com

    e.g.:

    https://172.30.147.207:12443/isolator/https://www.fortinet.com

Previous
Next

Configuring IP mapping in regular mode

Configuring IP Mapping in regular mode (non-HA) requires configurations in three systems:

  1. FortiIsolator configuration
  2. FortiGate configuration
  3. Client system configuration
FortiIsolator configuration

In the FortiIsolator CLI, configure port forwarding mappings using the fis-ipmap command in the following format:

set fis-ipmap <port_map_to_443> <external_IP_address>

For example,

set fis-ipmap 12443 172.30.147.207

FortiGate configuration

Complete the following steps in the FortiGate UI.

  1. Go to Policy & Objects > Virtual IPs.
  2. Create an IPv4 virtual IP with the following information:

    • IP-Mapping-443: <external_IP_address> -> FIS_IP (TCP: 12443 > 443)

      For example, 172.30.147.207 -> 172.30.157.148 (TCP: 12443 > 443)

    Note

    This example uses the following:

    • External_IP_address: 172.30.147.207
    • FIS_IP: 172.30.157.148

    Settings of ip-mapping-443:

  3. Go to Policy & Objects > IPv4 Policy > Create New.
  4. Create an IPv4 policy that includes the virtual IP (443) that you created.

Client system configuration

Complete the following steps on the client system (for example, Windows 10).

  1. In Windows 10, launch CMD as administrator.
  2. Use the following commands to add the FortiGate IP address to the routing table on the client system:
    1. At the command prompt, type

      route –p ADD <external_IP_address> Mask 255.255.255.255 <FGT_IP_address>

      For example,

      route –p ADD 172.30.147.207 MASK 255.255.255.255 172.30.157.90

    2. To confirm the setup, type route print.

  3. Check the Client IPv4 setting. Make sure default gateway is the FortiGate IP.

  4. Configure your browser by following the steps in IP Forwarding mode, depending on your browser type.
  5. Verify that it works by browsing to the following address:

    https://<external_IP_address>:<port_map_to_443>/isolator/https://www.fortinet.com

    e.g.:

    https://172.30.147.207:12443/isolator/https://www.fortinet.com

Previous
Next