Creating a service NAT with a Fortinet FortiGate

Published: August 10, 2011 in Uncategorized

Source: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=10540&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=20958570&stateId=0%200%2020960272

 

Description

How do I set up an FTP server in the DMZ?

I am having trouble setting up an FTP server in the DMZ.

Components

  • FortiGate units (this article uses the FortiGate-100)

Steps

In the web-based manager, complete the following steps:

Set up a virtual IP address

Configure a virtual IP address so that incoming requests for the FTP server are routed correctly. The virtual IP can be included later in an external -> dmz firewall policy.

To define the virtual IP address for the FTP server

  1. Go to Firewall > Virtual IP.
  2. Select Create New.
  3. Select Static NAT.
  4. Enter the following information:
    Name: Enter a name for the virtual IP, for example ServerName_External.
    External Interface: External
    External IP Address: Enter the external IP address you want to use. For example, 1.1.1.155.
    Map IP Address: Enter the IP address of the internal host you want to forward the port to. For example, 10.10.10.2.
  5. Select OK.

Create a service group

For FTP access through the DMZ, you can add the FTP service alone to a firewall policy. However, you may want to add additional services such as PING. Add all the services you require to a single group for easier configuration.

To add a services group

  1. Go to Firewall > Service > Group.
  2. Select Create New.
  3. Enter a Group Name. For example, FTP_IP.
  4. From the Available Services list, select the services to add to the group.
    Select a service and select the right arrow to add it to the Members list. For example, add FTP and PING.
  5. Select OK.

Create a firewall policy

Create a firewall policy to accept traffic for the specified services.

To create a firewall policy

  1. Go to Firewall > Policy.
  2. Select Create New.
  3. Set the following options:
    Interface/Zone (Source): External
    Interface/Zone (Destination): DMZ/HA
    Address Name (Source): All
    Address Name (Destination): Under Virtual IP, select the Virtual IP name you created in the previous steps. For this example, ServerName_External.
    Service: Select the service group you created in the previous steps. For this example, FTP_IP.
    Action: Accept
  4. Select OK.

After completing these steps, you can ping the FTP address of 1.1.1.155 from outside the firewall.
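
The same three steps expressed as FortiOS CLI configuration, as an added example that is not part of the original Fortinet article. The interface names `external` and `dmz`, the `always` schedule, the `all` address object and the use of `edit 0` to take the next free policy ID are assumptions that may differ by model and firmware version; lines starting with `#` are annotations for the reader.

```fortios
# Added example: CLI form of the GUI procedure above.
# Assumed names: interfaces "external" and "dmz", predefined services
# FTP and PING, address "all", schedule "always".

# 1. Virtual IP (static NAT is the default VIP type).
#    Static NAT maps every port of 1.1.1.155 to 10.10.10.2, so the VIP
#    by itself does not limit which services on the server are reachable.
config firewall vip
    edit "ServerName_External"
        set extintf "external"
        set extip 1.1.1.155
        set mappedip 10.10.10.2
    next
end

# 2. Service group holding only the services that should be exposed.
config firewall service group
    edit "FTP_IP"
        set member "FTP" "PING"
    next
end

# 3. external -> dmz policy. The service group is the control that
#    restricts inbound traffic to FTP and PING; the source stays "all"
#    as in the article.
config firewall policy
    edit 0
        set srcintf "external"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "ServerName_External"
        set schedule "always"
        set service "FTP_IP"
        set action accept
    next
end
```

When reviewing an existing unit, check that no other external -> dmz policy references the same virtual IP with a broader service such as ANY, because that policy would expose every port the static NAT maps.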

Last Modified Date: 10-07-2009 Document ID: 10540