In this article we will look at what DNAT is and how to configure it on a FortiGate firewall.
What Is DNAT:
DNAT means destination NAT. Using this feature we can forward traffic based on destination IP and destination port. Let's say you have a web server in your internal network, hosted on port 8080, and that web server has a private IP address. Because the address is private, no one on the external network can reach the web server directly. So if someone on the external network wants to access this web server, which sits behind the firewall, they first connect to the firewall's public IP, and the firewall then forwards the traffic to the internal web server on the same port.
Firewall Configuration For DNAT:
To implement DNAT on the firewall, you need to create a virtual IP object and then create a firewall policy.
Creation Of Virtual IP:
Under Policy and Objects >> Virtual IP, click Create New:
Interface: Select the WAN interface of the firewall.
External IP address: Enter your firewall's WAN public IP address.
Map to IPv4: Enter your internal server's IP address.
Port Forwarding: Enable.
External Service Port: Select the protocol according to your requirement, then set the external service port to "8080" and the mapped port to the same value, "8080".
Creation Of Firewall Policy:
Now you need to define a firewall policy to allow this VIP traffic. Under Policy and Objects, click Create New:
Incoming interface: WAN port
Outgoing interface: Internal port
Source: To give everyone access to this VIP, keep it as all; otherwise select the specific public IP addresses that should have access to this VIP.
Destination: Select the VIP object created earlier.
Service: Select the service according to your requirement; otherwise you can keep ALL.
Now the traffic for the VIP will be allowed through this specific firewall policy.
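The same VIP and policy expressed in the FortiOS CLI, as an added example that is not part of the original article. The interface names (wan1, internal), the object names and all IP addresses are constructed placeholders; it takes the narrower options from the steps above, a specific source network and a service limited to TCP 8080, rather than all/ALL.

```fortios
# Added example. All names and addresses below are constructed placeholders.
# Lines starting with "#" are annotations for the reader.

# Virtual IP: WAN public IP, TCP/8080 -> internal web server, TCP/8080
config firewall vip
    edit "vip-web-8080"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 8080
        set mappedport 8080
    next
end

# Custom service matching only the forwarded port
config firewall service custom
    edit "TCP-8080"
        set tcp-portrange 8080
    next
end

# Address object for the external network that needs access
config firewall address
    edit "partner-net"
        set subnet 198.51.100.0 255.255.255.0
    next
end

# Firewall policy: WAN -> internal, destination is the VIP object
config firewall policy
    edit 0
        set name "wan-to-web-8080"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "partner-net"
        set dstaddr "vip-web-8080"
        set service "TCP-8080"
        set schedule "always"
        set action accept
        set logtraffic all
    next
end
```

With `logtraffic all` set, every session accepted by this policy appears in the forward traffic log, which makes it easy to review who is reaching the published server.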
Hope this article helps you 🙂