Fortinet fortigate-100a Betriebsanweisung
214
01-28006-0068-20041105
Fortinet Inc.
Configuring recurring schedules
Firewall
To edit a recurring schedule
1
Go to Firewall > Schedule > Recurring.
2
Select the Edit icon beside the recurring schedule you want to modify.
3
Modify the schedule as required.
4
Select OK.
Virtual IP
Use virtual IPs to access IP addresses on a destination network that are hidden from
the source network by NAT security policies. To allow connections between these
networks, you must create a mapping between an address on the source network and
the real address on the destination network. This mapping is called a virtual IP.
the source network by NAT security policies. To allow connections between these
networks, you must create a mapping between an address on the source network and
the real address on the destination network. This mapping is called a virtual IP.
For example, if the computer hosting your web server is located on your DMZ
network, it could have a private IP address such as 10.10.10.3. To get packets from
the Internet to the web server, you must have an external address for the web server
on the Internet. You must then add a virtual IP to the firewall that maps the external IP
address of the web server to the actual address of the web server on the DMZ
network. To allow connections from the Internet to the web server, you must then add
an external->DMZ firewall policy and set Destination to the virtual IP.
You can create three types of virtual IPs:
network, it could have a private IP address such as 10.10.10.3. To get packets from
the Internet to the web server, you must have an external address for the web server
on the Internet. You must then add a virtual IP to the firewall that maps the external IP
address of the web server to the actual address of the web server on the DMZ
network. To allow connections from the Internet to the web server, you must then add
an external->DMZ firewall policy and set Destination to the virtual IP.
You can create three types of virtual IPs:
This section describes:
•
•
•
Note: To change the one-time schedule name you must delete the schedule and add it with a
new name.
new name.
Static NAT
Used to translate an address on a source network to a hidden address on a
destination network. Static NAT translates the source address of return
packets to the address on the source network.
Port Forwarding Used to translate an address and a port number on a source network to a
hidden address and, optionally, a different port number on a destination
network. Using port forwarding you can also route packets with a specific
port number and a destination address that matches the IP address of the
interface that receives the packets. This technique is called port forwarding
or port address translation (PAT). You can also use port forwarding to
change the destination port of the forwarded packets.
Dynamic port
forwarding
forwarding
Similar to port forwarding, dynamic port forwarding is used to translate any
address and a specific port number on a source network to a hidden
address and, optionally a different port number on a destination network.
Note: The maximum number of virtual IPs is 1024.