Chapter 11 IPsec VPN for FortiOS 5.0 : IPv6 Features : IPv6 policies : VIP46
  
VIP46
VIP46 policies can be used to configure static NAT virtual IPv4 address for IPv6 addresses. VIP46 can be configured from the CLI using the following commands (see the table below for variable details):
config firewall vip46
edit <name_str>
set arp-reply {enable | disable}
set color <color_int>
set comment <comment_str>
set extip <address_ipv4>[-address_ipv4]
set extport <port_int>
set id <id_num_str>
set mappedip [<start_ipv6>-<end_ipv6>]
set mappedport <port_int>
set portforward {enable | disable}
set src-filter <add_str>
end
Table 77: VIP46 CLI Variables and Defaults
Variable
Description
Default
<name_str>
Enter the name of this virtual IP address.
No default.
arp-reply
{enable | disable}
Select to respond to ARP requests for this virtual IP address.
enable
color <color_int>
Enter the number of the color to use for the group icon in the web-based manager.
0
comment <comment_str>
Enter comments relevant to the configured virtual IP.
No default.
extip <address_ipv4>[-address_ipv4]
Enter the IP address or address range on the external interface that you want to map to an address or address range on the destination network.
If mappedip is an IP address range, the FortiGate unit uses extip as the first IP address in the external IP address range, and calculates the last IP address required to create an equal number of external and mapped IP addresses for one-to-one mapping.
To configure a dynamic virtual IP that accepts connections destined for any IP address, set extip to 0.0.0.0.
0.0.0.0
extport <port_int>
Enter the external port number that you want to map to a port number on the destination network.
This option only appears if portforward is enabled.
If portforward is enabled and you want to configure a static NAT virtual IP that maps a range of external port numbers to a range of destination port numbers, set extport to the first port number in the range. Then set mappedport to the start and end of the destination port range. The FortiGate unit automatically calculates the end of the extport port number range.
0
id <id_num_str>
Enter a unique identification number for the configured virtual IP. Not checked for uniqueness. Range 0 - 65535.
No default.
mappedip
[<start_ipv6>-<end_ipv6>]
Enter the IP address or IP address range on the destination network to which the external IP address is mapped.
If mappedip is an IP address range, the FortiGate unit uses extip as the first IP address in the external IP address range, and calculates the last IP address required to create an equal number of external and mapped IP addresses for one-to-one mapping.
If mappedip is an IP address range, the FortiGate unit uses extip as a single IP address to create a one-to-many mapping.
::
mappedport <port_int>
Enter the port number on the destination network to which the external port number is mapped.
You can also enter a port number range to forward packets to multiple ports on the destination network.
For a static NAT virtual IP, if you add a map to port range the FortiGate unit calculates the external port number range.
0
portforward
{enable | disable}
Select to enable port forwarding. You must also specify the port forwarding mappings by configuring extport and mappedport.
disable
src-filter <addr_str>
Enter a source address filter. Each address must be in the form of an IPv4 subnet (x.x.x.x/n). Separate addresses with spaces.
null