Hello, please advise how to create a VIP to map FQDN (Dymanic public IP) to internal private IP. When I choose FQDN, it just allow me to choose external FQDN, and mapped address cannot be private IP address? Or any other way to let external user to access my domain with specific port and NAT to my server with a private IP address with same port? Thanks.
Hi King, thanks for the question.
Actually, for the FQDN type VIP, it may not be immediately obvious but the use case is to map an external IP to a FQDN address commonly used in cloud deployments. For example, you may deploy the FortiGate in AWS, and you need to map an address to an internal server that is referenced by the FQDN address.
Here is more information on that:
For your use case, where you're mapping a dynamic public IP on your FortiGate to an internal server, you can simply use the Static NAT type.
The caveat is the following:
1. Choose the interface in which the traffic is ingressing. Do not leave as Any.
2. Set type to Static NAT.
3. Set External IP address/range as 0.0.0.0.
This allows the FortiGate to assign the External IP the address of the external interface's IP address, assuming that it will be dynamically changed (eg. in the case your ISP is assigning you an IP dynamically).
Hope this helps.
