Problem : Fortigate 60 – mapping ports from a single public IP to multiple internal servers

We have a single public IP connected to the WAN interface of a Fortigate 60 running OS 3.0.  We have successfully mapped multiple select ports to any single server within the office using a Virtual IP static map definition combined with a policy to route the selected ports.

The problem is that we would like to map another different set of ports to a second server (ex:  Server1 hosts email while Server2 is a Terminal Server).  In creating a second Virtual IP definition we receive the error “A duplicate entry already exists”.

Please help: how do you host multiple internal servers of different types behind a single public IP?


Solution : Fortigate 60 – mapping ports from a single public IP to multiple internal servers

Go to Firewall | Virtual IP.

Edit the entry you already have for the first server.  It sounds as if you do not have the Port Forwarding box checked.  If that is the case, then that VIP is a 1-to-1 NAT/Mapping.  To convert this to just a port forward of specific ports, check the box and enter the external and internal ports (i.e., if you are hosting a web server, you would most likely want 80 in both boxes).  You will need to create new VIPs in the same manner for as many services as you want to allow (check your policies to verify if you already are allowing multiple services in through the original VIP).
You should now be able to create the other VIP for the 2nd server in exactly the same way and then create the policy for it as well.
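
The reasoning in the answer above, as an added example (not part of the original post and not Fortinet code): a simplified model of why a 1-to-1 VIP blocks a second VIP on the same public IP, and why per-port VIPs do not. The overlap rule, VIP names, addresses, and the choice of ports 25 and 3389 for email and Terminal Server are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

@dataclass(frozen=True)
class Vip:
    name: str
    ext_ip: str
    mapped_ip: str
    protocol: Optional[str] = None     # None: Port Forwarding unchecked
    ext_port: Optional[int] = None
    mapped_port: Optional[int] = None

    @property
    def port_forward(self) -> bool:
        return self.ext_port is not None

def overlaps(a: Vip, b: Vip) -> bool:
    """Assumed rule: two VIPs collide when they claim the same external traffic."""
    if a.ext_ip != b.ext_ip:
        return False
    if not (a.port_forward and b.port_forward):
        return True   # a 1-to-1 VIP claims every port on the external IP
    return (a.protocol, a.ext_port) == (b.protocol, b.ext_port)

def find_conflicts(vips):
    """Return the name pairs of VIPs that cannot coexist in one plan."""
    return [(a.name, b.name) for a, b in combinations(vips, 2) if overlaps(a, b)]

def exposure(vips):
    """Map each internal server to the external ports a VIP translates to it."""
    out = {}
    for v in vips:
        entry = f"{v.protocol}/{v.ext_port}" if v.port_forward else "all ports"
        out.setdefault(v.mapped_ip, []).append(entry)
    return out

# Constructed sample addresses (documentation and private ranges).
WAN, SERVER1, SERVER2 = "203.0.113.10", "192.168.1.10", "192.168.1.20"

BEFORE = [Vip("server1-all", WAN, SERVER1),                  # box unchecked
          Vip("server2-rdp", WAN, SERVER2, "tcp", 3389, 3389)]
AFTER = [Vip("server1-smtp", WAN, SERVER1, "tcp", 25, 25),
         Vip("server1-http", WAN, SERVER1, "tcp", 80, 80),
         Vip("server2-rdp", WAN, SERVER2, "tcp", 3389, 3389)]

if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, "conflicts:", find_conflicts(plan), "exposure:", exposure(plan))
```

The exposure listing shows only what the VIPs translate; the firewall policies attached to each VIP still decide which of those ports are actually allowed in.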