How To Configure DNAT In Fortigate Firewall From WAN To LAN With Same Port

In this article we will look at what DNAT is and how to configure it on a FortiGate firewall.

What Is DNAT:

DNAT means destination NAT. Using this feature we can forward traffic based on destination IP and destination port. Let's say you have a web server in your internal network hosted on port 8080, and that web server has a private IP address. Nobody on the external network can reach this web server directly, because a private IP address is not reachable from outside. So if someone on the external network wants to access this web server, which sits behind the firewall, they first connect to the firewall's public IP, and the firewall then forwards the traffic to the internal web server on the same port.

Firewall Configuration For DNAT:

To implement DNAT on the firewall, you need to create a virtual IP (VIP) object and then create a firewall policy that uses it.

Creation Of Virtual IP:

Under Policy & Objects >> Virtual IP >> click Create New:

Interface: Select WAN interface of the firewall

External IP address: Enter your firewall's WAN public IP address.

Map to IPv4: Enter your internal server's IP address.

Port Forwarding: Enable

External Service Port: Select the protocol according to your requirement.

Keep the external service port as “8080” and set the mapped port to the same value, “8080”.

Firewall Policy Creation:

Now you need to define a firewall policy to allow this VIP traffic. Under Policy & Objects >> click Create New:

In Incoming interface: WAN port

In Outgoing interface: Internal port

In Source: If you want to give everyone access to this VIP, you can keep it as all, or you can select the specific public IP addresses that should have access to this VIP.

In Destination: Select the VIP object which we have created earlier.

In Service: Select the service according to your requirement; otherwise you can keep ALL.

Now the traffic for the VIP will be allowed through this specific firewall policy.
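The same two steps can be entered from the FortiOS CLI. This is an added example, not taken from the original article. The interface names (wan1, internal), the object names and both IP addresses are assumptions to be replaced with your own values, and the lines starting with # are annotations to leave out when pasting. It narrows the policy's service to TCP 8080 instead of ALL and turns on traffic logging so forwarded sessions can be reviewed.

```fortios
# Assumed values: wan1 = WAN interface, internal = LAN interface,
# 203.0.113.10 = firewall WAN public IP (documentation range),
# 192.168.1.10 = internal web server (constructed address).

# Step 1: virtual IP object, port 8080 forwarded to the same port
config firewall vip
    edit "webserver-8080"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 8080
        set mappedport 8080
    next
end

# Custom service so the policy matches only the forwarded port
config firewall service custom
    edit "TCP-8080"
        set tcp-portrange 8080
    next
end

# Step 2: firewall policy from WAN to LAN with the VIP as destination
config firewall policy
    edit 0
        set name "WAN-to-webserver-8080"
        set srcintf "wan1"
        set dstintf "internal"
        # "all" opens the VIP to everyone; use an address object
        # holding specific public IPs to restrict who can connect
        set srcaddr "all"
        set dstaddr "webserver-8080"
        set action accept
        set schedule "always"
        set service "TCP-8080"
        set logtraffic all
    next
end
```

With `edit 0` the firewall assigns the next free policy ID, and `show firewall vip` and `show firewall policy` display the resulting objects for comparison with the GUI settings above.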

Hope this article helps you 🙂