Trying to route all access from internet to a web box on a DMZ

Posted on 2007-11-27
Last Modified: 2013-11-12
What is the best way to route traffice from internet to a dmz. I have foritage 100a router, all traffice that comes from internet on port 80 i want to force to a web box  which will host the web site, that is not on my current network.
The fortigate has ports all ready established for the dmz but im not sure where to set this up.

Question by:jbisordi
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 18

Expert Comment

ID: 20365820
The first problem, as I see it, is that this web server is not on the same network as your router.

Is that a correct understanding?

Is it in the same building and accessible?

There are a couple of ways that it can be done, but provide us with some more details... I.E. the IP subnet of the router's LAN and the IP of the web server you want to use.


Author Comment

ID: 20371065
yes the builing is accesible

internall network is on gateway is
i have a server that is connect to same router  ip with a cross over cable server ip

want to log on external ip and get to the server.
LVL 18

Accepted Solution

Johnjces earned 500 total points
ID: 20371165
Well, the firewall/router you have has two dmz ports that you can assign an IP address to that would allow access to your port 80 (http) server apparently at I do not understand or I am confused about the hookups you are using.

Your fortigate should have a LAN IP of 192,168,1,253 for your main LAN, correct?
So you have your web server connected to this fortigate as well on one of the interfaces which has an IP of I hope I have this correct.

Normally a DMZ a demilitarized zone, is open to all incoming traffic from the web/WAN interfaces. I would never put more than one machine on a DMZ as all those machines PCs and servers, are very vulnerable.

In your case, I would port forward port 80 to and not put it on any of the DMZ interfaces.

The fortigate should have a web interface that you can set up the ports, IP addresses, firewall rules and it will allow you to port forward.

I hope I have started to answer your question.

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

ID: 20375454
got it working using the dmz  all externall traffic coming in on port 80 gets forwarded to webserver  that works fine however i would also like to be able to work on that computer remotlely i tried making a rule saying any traffic coming from a certain ip address get forward to that same server port 3389 for remote desktop. can that work as well? the dmz port on the foritgate is that is the only to things on the 50 network

LVL 18

Expert Comment

ID: 20375529
OK. So that DMZ will allow you to block all ports and allow the forwarding one port. That is great!

You should be able to allow multiple ports to forward to that IP doing the same thing you did before. As it is usually necessary in a lot of web servers to forward port 25, 80, 21 and others to that same server.


Author Comment

ID: 20376832
seems to be ok hopefully i can take care of everything else remotly


Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Policy Base Routing Cisco 6500 Switch 10 113
configuring snmp v2 or v3 on Cisco switches 2 66
IPV6 and AWS 3 92
Windows Service to Receive TCP Packets 4 195
A few months ago I attended the Rocky Mountain IPv6 Summit which was a two-day educational event; it was the 3rd annual conference held here in Denver, Colorado that was held at the Hyatt Regency Denver at the Colorado Convention Center. It was an e…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question