Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.6.0 Administration Guide
    7.6.0
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Virtual IPs

    Virtual IPs

    Static Virtual IPs (VIP) are used to map external IP addresses to internal IP addresses. This is also called destination NAT, where a packet's destination is being NAT'd, or mapped, to a different address.

    Static VIPs are commonly used to map public IP addresses to resources behind the FortiProxy unit that use private IP addresses. A static on-to-one VIP is when the entire port range is mapped. A port forwarding VIP is when the mapping is configured on a specific port or port range. See Virtual IPs with port forwarding for more information.

    VIPs are considered local IP addresses if responding to ARP requests on these external IP addresses is enabled (set arp-reply enable, by default). In this case, the FortiProxy is considered a destination for those IP addresses and can receive reply traffic at the application layer successfully.

    However, as a side-effect, once a VIP has been configured, even if it is never used in a policy, the FortiProxy considers it as a local address and will not forward traffic based on the routing table. Therefore, any unused VIPs should be deleted to prevent any unexpected behavior.

    Sample configuration

    To view the virtual IPs, go to Policy & Objects > Virtual IPs.

    Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

    The following options are available:

    Create New > Virtual IP

    Add a new virtual IP. See Create or edit a virtual IP.

    Create New > Virtual IP Group

    Add a new virtual IP group. See Create or edit a virtual IP group.

    Edit

    Edit the selected virtual IP or virtual IP group. See Create or edit a virtual IP or Create or edit a virtual IP group

    Delete

    Remove the selected virtual IP or virtual IP group.

    Search

    Search for text in any column.

    Name

    The name of the virtual IP or virtual IP group.

    Interfaces

    The domain name.

    Details

    The interface to which the virtual IP or virtual IP group is bound.

    Comments

    Optional description of the virtual IP or virtual IP group.

    Ref.

    Displays the number of times the object is referenced to other objects.

    To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object.

    extip

    External IP address or range for the virtual IP.
    Previous
    Next

    Virtual IPs

    Virtual IPs

    Static Virtual IPs (VIP) are used to map external IP addresses to internal IP addresses. This is also called destination NAT, where a packet's destination is being NAT'd, or mapped, to a different address.

    Static VIPs are commonly used to map public IP addresses to resources behind the FortiProxy unit that use private IP addresses. A static on-to-one VIP is when the entire port range is mapped. A port forwarding VIP is when the mapping is configured on a specific port or port range. See Virtual IPs with port forwarding for more information.

    VIPs are considered local IP addresses if responding to ARP requests on these external IP addresses is enabled (set arp-reply enable, by default). In this case, the FortiProxy is considered a destination for those IP addresses and can receive reply traffic at the application layer successfully.

    However, as a side-effect, once a VIP has been configured, even if it is never used in a policy, the FortiProxy considers it as a local address and will not forward traffic based on the routing table. Therefore, any unused VIPs should be deleted to prevent any unexpected behavior.

    Sample configuration

    To view the virtual IPs, go to Policy & Objects > Virtual IPs.

    Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

    The following options are available:

    Create New > Virtual IP

    Add a new virtual IP. See Create or edit a virtual IP.

    Create New > Virtual IP Group

    Add a new virtual IP group. See Create or edit a virtual IP group.

    Edit

    Edit the selected virtual IP or virtual IP group. See Create or edit a virtual IP or Create or edit a virtual IP group

    Delete

    Remove the selected virtual IP or virtual IP group.

    Search

    Search for text in any column.

    Name

    The name of the virtual IP or virtual IP group.

    Interfaces

    The domain name.

    Details

    The interface to which the virtual IP or virtual IP group is bound.

    Comments

    Optional description of the virtual IP or virtual IP group.

    Ref.

    Displays the number of times the object is referenced to other objects.

    To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object.

    extip

    External IP address or range for the virtual IP.
    Previous
    Next