Forskel mellem versioner af "Fortinet"

Fra NørderiWiki
Skift til: Navigation, Søgning
(public ip)
Linje 29: Linje 29:
 
     end
 
     end
  
Hairpin
+
= GeoIP =
 +
 
 +
Slå op hvilket land en IP hører til:
 +
 
 +
diagnose firewall ipgeo ip2country x.x.x.x
 +
 
 +
= Hairpin =
  
  

Versionen fra 27. feb 2018, 07:02

NAT / VIP - Port forward

Lav VIPs for hver port der skal åbnes/forwardes, fx:

public.y.xxx.zz --> 192.168.1.50 (TCP: 3390 --> 3389)

Hvis der er flere porte mod samme server, kan der laves en VIP group.

Herefter er det bare at lave en policy med VIP group som destination og ALL i Service.

Se https://docs.fortinet.com/uploaded/files/1652/using-port-forwarding-on-a-FortiGate-unit.pdf


http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-firewall/Object%20Configuration/Virtual%20IPs/Configuring%20a%20VIP%20for%20IPv4.htm


http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-firewall/Object%20Configuration/Addresses/Addresses.htm

public ip

DNS translation http://kb.fortinet.com/kb/documentLink.do?externalID=FD34099

config firewall dsntranslation

   edit 1
       set dst 217.pp.pp.pp
       set netmask 255.255.255.255
       set src 192.168.1.100
       next
   end

GeoIP

Slå op hvilket land en IP hører til:

diagnose firewall ipgeo ip2country x.x.x.x

Hairpin

http://cookbook.fortinet.com/configure-hair-pinning-fortigate/

VDOM

config system global
set vdom-admin enable
end