Fortinet Firewall Virtual IPs

By A.P. Lawrence

I found this a little confusing, so I am documenting it here in case you run into the same problem.

The first task is to define a virtual IP. You give it a name, and its interface is "wan1" (or "wan2" of course). It's Static NAT, and unfortunately you apparently have to enter an actual IP.

I have a DHCP assigned WAN, which will change whenever there is a power failure, so I had hoped to be able to use (for any address), but that didn't work for me.

The mapped IP is the internal address you want to go to.

In my case, this was a machine in the DMZ, so my first thought was that a WAN1 to DMZ policy was all that would be needed, but that's not the case: you need to specifically include the VIP name in the policy's destination "Address Name".

In my case, the whole thing ended up looking like this:

config firewall vip
    edit "Linuxvip"
        set extip
        set mappedip
        set extintf "wan1"

config firewall policy
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "Linuxvip"
        set action accept
        set schedule "always"
        set service "SSH"
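
One way to check a saved configuration for the pitfall described above, a virtual IP that no policy names as its destination. This is an added example, not code from the article or from Fortinet. It assumes a flat config/edit/set layout with no nested blocks; the sample config, the name "Webvip" and the policy ids are constructed.

```python
import shlex

# Constructed sample (not from the article): "Webvip" and the policy ids are
# made up; extip/mappedip lines are left out because the check ignores them.
SAMPLE = '''config firewall vip
    edit "Linuxvip"
        set extintf "wan1"
    next
    edit "Webvip"
        set extintf "wan1"
    next
end
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "dmz"
        set dstaddr "Linuxvip"
        set action accept
    next
    edit 2
        set srcintf "wan1"
        set dstintf "dmz"
        set dstaddr "all"
        set action accept
    next
end'''

def parse(text):
    """Return {section: {entry: {key: [values]}}} from flat config/edit/set lines."""
    cfg, section, entry = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return cfg

def unreferenced_vips(cfg):
    """VIPs that no accept policy on their external interface lists in dstaddr."""
    policies = list(cfg.get("firewall policy", {}).values())
    return [name for name, vip in cfg.get("firewall vip", {}).items()
            if not any(p.get("action") == ["accept"]
                       and p.get("srcintf") == vip.get("extintf")
                       and name in p.get("dstaddr", [])
                       for p in policies)]
```

On the sample, policy 2 is a wan1 to dmz accept rule with destination "all", which is the arrangement the article found insufficient, so "Webvip" is reported while "Linuxvip" is not.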


*Originally published at

About the Author:
A.P. Lawrence provides SCO Unix and Linux consulting services


-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2007 iEntry, Inc. All Rights Reserved
