Yeah you just want a virtual IP - just did this the other day. You'll need to create the relevant policy - the VIP should show up as the destination (IIRC) if everything is configured right.
Thanks, Brian Desmond [email protected] w - 312.625.1438 | c - 312.731.3132 -----Original Message----- From: S Powell [mailto:[email protected]] Sent: Monday, March 12, 2012 8:41 PM To: NT System Admin Issues Subject: Re: Fortigate configuration <grue> Light bulb </grue> It seems having it in as a secondary IP address in the WAN _and_ as a virtual IP caused the issue. I guess, I have in just the VIP and the policy and wiz bang it works... thanks for the help. ----------------- Oh, by the way, which one's Pink? On Mon, Mar 12, 2012 at 16:26, S Powell <[email protected]> wrote: > On Mon, Mar 12, 2012 at 15:41, Tom Miller <[email protected]> wrote: >> Is this external (public/Internet) to Internal? >> > yes that is correct > >> On most models you can add a secondary IP address to an existing interface. > > yes did that >> >> Or, create a virtual IP and then add a policy to allow external >> access via SSH to 123.123.123.124 and the firewall will translate to >> the internal address and route appropriately. > > did this also, and no joy. It does not seem to pass the traffic. >> >> I'm assuming these two IPs route to the same public IP (gateway your >> ISP assigned to you) which should be the IP on your WAN interface. > > correct they are both on the same WAN interface. both use the same > gateway... our other WAN interface has other ip addresses assigned to > it. > > >>>>> S Powell <[email protected]> 3/12/2012 5:55 PM >>> >> >> Hello World! >> >> I'm trying to set up our new fortunate firewall, moving away from >> ISA, and I'm having some issues >> >> I've googled and cannot figure this out. >> >> We have 4 ip addresses >> I have the primary IP on WAN 1 as 123.123.123.123 and can pass >> everything on that fine. on the same WAN I'd like to pass traffic on >> 123.123.123.124 to our SSH server at 192.168.1.2. >> >> can anyone help me out on the setup for this. >> >> I've set the secondary IP on the WAN, and set the policy to pass SSH >> traffic to the Virtual IP, but no joy. >> >> what am I missing? >> >> >> >> >> >> ----------------- >> Oh, by the way, which one's Pink? >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> Confidentiality Notice: This e-mail message, including attachments, >> is for the sole use of the intended recipient(s) and may contain >> confidential and privileged information. Any unauthorized review, >> use, disclosure, or distribution is prohibited. If you are not the >> intended recipient, please contact the sender by reply e-mail and >> destroy all copies of the original message. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
