Publish Server to Internet with CLI in FortiGate

Steps to Publish Server to Internet with CLI in FortiGate

  1. Assign a free public IP to the IP pool. Skip this step if the public IP is already configured.
config firewall ippool
    edit "121.121.43.52"
        set startip 121.121.43.52
        set endip 121.121.43.52
    next
end
  2. Configure the NAT (virtual IP) to map 121.121.43.52:22 to 192.168.1.250:22
config firewall vip
    edit "121.121.43.52-TCP22"
        set extip 121.121.43.52
        set extintf "wan1"
        set portforward enable
        set mappedip 192.168.1.250
        set extport 22
        set mappedport 22
    next
end
  3. Configure a firewall policy to allow SSH (port 22) to reach 121.121.43.52:22
config firewall policy
    edit 20
        set name "WP5-TCP22"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "121.121.43.52-TCP22"
        set action accept
        set schedule "always"
        set service "SSH"
        set logtraffic disable
    next
end
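
A pre-deployment check for the kind of configuration built in the steps above, as an added example (not part of the original page and not Fortinet tooling): it parses `config`/`edit`/`set` blocks and flags a policy whose service list is wider than the port the VIP forwards, whose source is `all`, or whose logging is disabled. The sample config is constructed from the page's values; the service-to-port map and the finding names are assumptions, and only single-port forwards are handled.

```python
import re
# Constructed sample modeled on the steps above (not a device export).
SAMPLE = '''
config firewall vip
    edit "121.121.43.52-TCP22"
        set extport 22
        set mappedport 22
    next
end
config firewall policy
    edit 20
        set srcaddr "all"
        set dstaddr "121.121.43.52-TCP22"
        set service "HTTPS" "HTTP" "SSH"
        set logtraffic disable
    next
end
'''
SERVICE_PORTS = {"SSH": 22, "HTTP": 80, "HTTPS": 443}  # assumed TCP ports for these names

def parse(text):
    """Return {section: {entry: {key: [values]}}} from config/edit/set lines."""
    out, section, entry = {}, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["config"]:
            section = out.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return out

def audit(text):
    """Flag policies that expose a port-forward VIP more widely than needed."""
    cfg, findings = parse(text), []
    # Only VIPs with a mapped port are checked (single-port forwards).
    pf = {n: v for n, v in cfg.get("firewall vip", {}).items() if "mappedport" in v}
    for pid, pol in cfg.get("firewall policy", {}).items():
        for vip in (pf[d] for d in pol.get("dstaddr", []) if d in pf):
            # Policy lookup runs after the VIP's DNAT, so compare with mappedport.
            port = int(vip["mappedport"][0])
            extra = [s for s in pol.get("service", []) if SERVICE_PORTS.get(s) != port]
            if extra:  # services (or unknown names) the VIP never forwards
                findings.append((pid, "service-wider-than-vip", extra))
            if "all" in pol.get("srcaddr", []):
                findings.append((pid, "source-any", ["all"]))
            if pol.get("logtraffic") == ["disable"]:
                findings.append((pid, "logging-disabled", ["disable"]))
    return findings
```

Calling `audit(SAMPLE)` returns a list of `(policy id, finding, values)` tuples; an empty list means none of the three conditions matched.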
