VIP Group
The company has only a single external IP address but multiple servers with different functions running on its internal LAN that need to be accessed from the Internet.
• The external IP address of the company on wan1 is 256.34.56.149 (for example use only. Not a valid IP address)
• The webserver is on the internal LAN on 192.168.100.86
• The webserver needs to answer on ports 80 443
• The administration of the FortiGate firewall connects on port 4443 instead of 443
• There is are also a separate email server, FTP server, and Terminal Server for specialised applications.
• 2 Virtual IPs have been created to map 256.34.56.149 to 192.168.100.86 on ports 80 and 443. The names are webserver_80 and webserver_443 respectively.
Go to Policy & Objects > Objects> Virtual IPs and select Create New > Virtual IP Group.
Fill out the fields with the following information.
Type | IPv4 VIP Group |
Name | WebServer_Grp |
Comments | (Optional) |
Interface | wan1 |
Members | webserver_80 webserver_443 |
Enter the following CLI command:
config firewall vipgrp
edit WebServer_Grp
set member “webserver_80” “webserver_443”
next
end
To verify that the category was added correctly:
Go to Policy & Objects > Objects > Virtual IPs. Check that the virtual IP address group has been added to the list and that it is correct.
Enter the following CLI command:
config firewall vipgrp
edit <the name of the vip that you wish to verify>
show full-configuration