How to Configure Port Forwarding on a Fortinet Firewall

How to Configure Port Forwarding on a Fortinet Firewall

How to Configure Port Forwarding on a Fortinet FirewallFortinet Firewall: Port forwarding is an essential network configuration that allows external devices to access services on a private network. On a Fortinet firewall, setting up port forwarding ensures seamless communication between external clients and internal servers while maintaining security. This guide will walk you through the steps to configure port forwarding on a Fortinet firewall using FortiGate.

Step 1: Access the Fortinet Firewall

  1. Log in to your FortiGate firewall’s web-based management interface by entering its IP address in a web browser (e.g., https://192.168.1.1).
  2. Enter your administrator credentials and click Login.

Step 2: Create a Virtual IP (VIP)

A Virtual IP (VIP) is required to map an external IP address and port to an internal resource.

  1. Navigate to Policy & Objects > Virtual IPs.
  2. Click Create New and select Virtual IP.
  3. Provide a name for the VIP (e.g., WebServer_VIP).
  4. Set the Interface to the external interface (e.g., WAN1).
  5. Configure the External IP Address:
    • If using a public IP, enter the public address assigned to your firewall.
    • If using a single IP, enter the same address in both the External IP Address/Range fields.
  6. Set the Mapped IP Address to the internal server’s IP (e.g., 192.168.1.100).
  7. Under Port Forwarding, enable the option.
  8. Set the External Service Port (e.g., 80 for HTTP or 3389 for RDP).
  9. Set the Mapped Service Port to the corresponding internal port.
  10. Click OK to save the configuration.

Step 3: Create a Firewall Policy

To allow traffic through the firewall to the internal resource, a security policy must be configured.

  1. Navigate to Policy & Objects > Firewall Policy.
  2. Click Create New.
  3. Configure the policy:
    • Name: Assign a descriptive name (e.g., Allow_HTTP).
    • Incoming Interface: Select the WAN interface (e.g., WAN1).
    • Outgoing Interface: Select the internal interface (e.g., LAN).
    • Source: Set to all or restrict to specific external IPs if needed.
    • Destination: Select the VIP object created earlier.
    • Service: Choose the specific service (e.g., HTTP, RDP).
    • Action: Set to ACCEPT.
  4. Enable NAT if necessary (usually not required when using VIPs).
  5. Click OK to apply the policy.

Step 4: Test the Port Forwarding

  1. Use an external device to test connectivity by entering the public IP and port in a web browser or remote access tool.
  2. Verify that traffic is reaching the internal server by checking the logs under Log & Report > Forward Traffic.
  3. If the connection fails, check:
    • Firewall policies and rules.
    • The internal server’s firewall settings.
    • Network interface bindings and routing.

Step 5: Security Considerations

  • Restrict access using source filtering in the firewall policy.
  • Use strong authentication methods for remote access services.
  • Regularly update firmware to patch security vulnerabilities.
  • Monitor logs to detect unauthorized access attempts.

By following these steps, you can successfully configure port forwarding on your Fortinet firewall while maintaining a secure network environment.

How to Configure Port Forwarding on pfSense