This tutorial demonstrates the process of configuring a Virtual IP (VIP) on a FortiGate firewall to enable port forwarding to an internal. We'll cover the necessary steps to expose a service running on a Raspberry Pi 5 web server to the WAN interface, ensuring external access is forwarded correctly through the firewall.
We examine the specific network settings required to avoid port conflicts with the firewall's administrative interface and also verify local IP assignments via the DHCP monitor. The video details how to create a VIP object for specific port translation and how to build the accompanying firewall policy to permit traffic. Additionally, we explore mapping a dedicated secondary static IP to an internal host for full 1-to-1 NAT/VIP.
In this video:
Overview of the FortiGate and Raspberry Pi (we server ) lab setup.
Adjusting administrative access ports to prevent conflicts with web services.
Locating internal device IP addresses using the FortiGate DHCP monitor.
Creating a Virtual IP (VIP) object for port 80 forwarding.
Configuring the firewall policy to allow WAN to LAN traffic via the VIP.
Testing external connectivity to the Raspberry Pi Nginx web server.
Configuring a static IP mapping for full protocol access (1-to-1 NAT).
Best practices for filtering sources and services within firewall policies.
Timestamps:
0:00 Intro and Topology
1:02 Adjusting Admin Access Ports
2:17 Identifying the Internal Server IP
2:56 Creating the Virtual IP (VIP) Object
4:45 Creating the Firewall Policy
6:12 Testing the Web Server Connection
6:58 Mapping a Secondary Static IP (1-to-1 NAT)
8:18 Best Practices for Policy Filtering
9:01 Outro
#fortigate #firewall #portforwarding #networking #vip #raspberrypi #homelab #networksecurity #fortinet #sysadmin