Configuring a Virtual IP (VIP) on a FortiGate is a simple but necessary task in our work; in most cases we configure a VIP in order to set up port forwarding. But wait, what are we actually doing when we configure a Virtual IP? Let me put it simply: there is a real IP address, which could be part of your pool of real IPs or even your firewall's single IP address.
We take this IP and assign it a random port like 44444, or a known specific port like 3389 or 21 (depending on the requirements). Then we enable Port Forwarding toward our internal service and specify the internal service IP, whether it is an RDSH server or an FTP server. While setting up this service we have to specify a "Map to Port", for instance 3389 or 21.
The second phase is creating a firewall rule and adding this Virtual IP to it so that it becomes operational. Don't forget: we have only created the VIP, and no rule knows about it yet. In the rule we decide which interfaces and which source objects can reach this VIP.
Let's begin; follow my steps:
Sign in to your firewall and then click on “Virtual IPs”:
Then click on “Create New” > “New Virtual IP”:
Set a name for your VIP.
Set your external IP address.
Set the mapped IP address (internal IP), which is the service.
Enable “Port Forwarding”:
External Service Port: use any specific or random port that is not in use.
Map to Port: RDP 3389
As soon as that is done, we move to the second phase: we have to create a rule and make sure that only we are able to access this VIP:
Set a name for your rule.
Incoming Interface: WAN.
Outgoing Interface: Internal or your VLAN.
Source: I have created a new address of my IP address and put it there.
Destination: my Virtual IP.
Great! At this point, from the “Source” object, which is my computer, I can open MSTSC.exe and run RDP successfully to that server.
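An added example, not part of the original post: a small Python check over a FortiOS configuration backup that flags accept rules forwarding to a VIP from source "all", the exposure the second phase above is meant to prevent. The sample config, the object names (vip-rdp, admin-pc) and the addresses are constructed; the parser assumes a backup without VDOMs and reads top-level tables only.

```python
import re

# Constructed, trimmed FortiOS config excerpt (names and addresses are sample values).
SAMPLE = '''config firewall vip
    edit "vip-rdp"
        set extip 203.0.113.10
        set mappedip "10.0.0.50"
        set portforward enable
        set extport 44444
        set mappedport 3389
    next
end
config firewall policy
    edit 1
        set srcaddr "admin-pc"
        set dstaddr "vip-rdp"
        set action accept
    next
    edit 2
        set srcaddr "all"
        set dstaddr "vip-rdp"
        set action accept
    next
end'''

def parse_tables(text):
    """Return {table: {entry: {option: [values]}}}; nested config blocks are skipped."""
    tables, stack, entry = {}, [], None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if words[:1] == ["config"]:
            stack.append(" ".join(words[1:]))
        elif words[:1] == ["end"] and stack:
            stack.pop()
            entry = entry if stack else None  # left a top-level table
        elif len(stack) == 1 and len(words) > 1:
            if words[0] == "edit":
                entry = tables.setdefault(stack[0], {}).setdefault(words[1], {})
            elif words[0] == "set" and entry is not None:
                entry[words[1]] = words[2:]
    return tables

def open_vip_policies(text):
    """IDs of accept policies that reach a VIP from source "all"."""
    t = parse_tables(text)
    vips = set(t.get("firewall vip", {}))
    return [pid for pid, p in t.get("firewall policy", {}).items()
            if p.get("action") == ["accept"] and "all" in p.get("srcaddr", [])
            and vips & set(p.get("dstaddr", []))]
```

On the sample, policy 2 is reported because anyone on the WAN side can reach the forwarded RDP port, while policy 1, limited to the admin-pc address object, is not.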