JunOS: Port forwarding on a Juniper SRX

Date: 2020-02-23 14:44:17  Source: igfitidea

This tutorial walks through each configuration step.
I have used "intuitive names" for the individual elements wherever possible; the example forwards a non-standard RDP port to the port on the server 192.168.15.15.

1. In the address book, define an object name for the destination machine (a name alias for the destination IP):

set security zones security-zone LAN address-book address ip-lan_SERVERNAME description "Server Description"
set security zones security-zone LAN address-book address ip-lan_SERVERNAME 192.168.15.15/32

2. Define a custom application with its protocol and port (this step is optional; use it when your application is not in the default application list):

set applications application custapp-rdp-tcp-3399 protocol tcp
set applications application custapp-rdp-tcp-3399 destination-port 3399
set applications application custapp-rdp-tcp-3399 description RDP

3. Define the destination NAT pool for the destination machine (the translated address and port are one statement):

set security nat destination pool dnat-pool_SERVERNAME address 192.168.15.15/32 port 3399

4. Define the destination NAT rule-set and the rule for the destination machine. A destination NAT rule-set must name the zone the traffic arrives from, so the rule-set gets a from-zone statement first. Matching destination-address 0.0.0.0/0 applies the rule to any destination address seen on that port from the Internet zone; matching only the external interface address is tighter:

set security nat destination rule-set dnat_Internet-to-LAN from zone Internet
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 description RDP
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-address 0.0.0.0/0
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-port 3399
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match protocol tcp
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 then destination-nat pool dnat-pool_SERVERNAME

5. Define the security policy for the destination server. Policy lookup happens after destination NAT, so the policy matches the translated destination (the address-book entry for 192.168.15.15) and the custom application, not the public address. Note that source-address any admits every Internet host to the RDP port; narrow it to known client addresses where you can:

set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME description RDP
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match source-address any
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match destination-address ip-lan_SERVERNAME
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match application custapp-rdp-tcp-3399
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME then permit

6. The configuration is now complete; commit the changes:

commit comment "add port forwarding for SERVERNAME"
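The five steps above only work if the names and numbers line up across them: the rule must point at a defined pool, the policy must reference the defined address-book entry and application, and the policy must permit the post-NAT flow (translated address and port, not the public port). The following lint is an added example, not part of this tutorial or any Juniper tool: it parses the set statements from steps 1-5 (a constructed copy of the configuration above is embedded as sample input) and reports missing cross-references as errors and exposure-widening settings (destination-address 0.0.0.0/0, source-address any) as warnings. The statement shapes it recognises are the ones used on this page; anything else is ignored.

```python
"""Cross-reference lint for a Junos SRX destination-NAT (port-forwarding) set-config.
Added example, not from the tutorial or from Juniper: it checks that steps 1-5
reference each other consistently and that a permit policy covers the post-NAT flow."""
import re
from collections import defaultdict

# Constructed sample: the tutorial's configuration, including the rule-set's mandatory 'from zone'.
SAMPLE_CONFIG = """
set security zones security-zone LAN address-book address ip-lan_SERVERNAME 192.168.15.15/32
set applications application custapp-rdp-tcp-3399 protocol tcp
set applications application custapp-rdp-tcp-3399 destination-port 3399
set security nat destination pool dnat-pool_SERVERNAME address 192.168.15.15/32 port 3399
set security nat destination rule-set dnat_Internet-to-LAN from zone Internet
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-address 0.0.0.0/0
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match destination-port 3399
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 match protocol tcp
set security nat destination rule-set dnat_Internet-to-LAN rule dnat-rule_SERVERNAME_p3399 then destination-nat pool dnat-pool_SERVERNAME
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match source-address any
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match destination-address ip-lan_SERVERNAME
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME match application custapp-rdp-tcp-3399
set security policies from-zone Internet to-zone LAN policy All_WAN_RDP_SERVERNAME then permit
"""

# One regex per statement shape the lint understands; other lines (descriptions etc.) are ignored.
RE_ADDRESS = re.compile(r"^set security zones security-zone (\S+) address-book address (\S+) (\d+\.\d+\.\d+\.\d+/\d+)$")
RE_APP = re.compile(r"^set applications application (\S+) (protocol|destination-port) (\S+)$")
RE_POOL = re.compile(r"^set security nat destination pool (\S+) address (\S+) port (\d+)$")
RE_RS_FROM = re.compile(r"^set security nat destination rule-set (\S+) from zone (\S+)$")
RE_RULE = re.compile(r"^set security nat destination rule-set (\S+) rule (\S+) (?:match|then) (\S+) (.+)$")
RE_POLICY = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (\S+)(?: (\S+))?$")


def parse(config):
    """Reduce the set statements to the objects the cross-checks need."""
    cfg = {"addresses": {}, "apps": defaultdict(dict), "pools": {},
           "rulesets": defaultdict(dict), "rules": defaultdict(dict), "policies": defaultdict(dict)}
    for line in (raw.strip() for raw in config.splitlines() if raw.strip()):
        if m := RE_ADDRESS.match(line):
            zone, name, prefix = m.groups()
            cfg["addresses"][name] = (zone, prefix)
        elif m := RE_APP.match(line):
            name, key, value = m.groups()
            cfg["apps"][name][key] = value
        elif m := RE_POOL.match(line):
            name, prefix, port = m.groups()
            cfg["pools"][name] = (prefix, port)
        elif m := RE_RS_FROM.match(line):
            rs, zone = m.groups()
            cfg["rulesets"][rs]["from"] = zone
        elif m := RE_RULE.match(line):
            rs, rule, key, value = m.groups()
            cfg["rulesets"][rs].setdefault("rules", set()).add(rule)
            cfg["rules"][(rs, rule)][key] = value   # e.g. destination-port -> 3399, destination-nat -> 'pool X'
        elif m := RE_POLICY.match(line):
            from_zone, to_zone, name, kind, key, value = m.groups()
            pol = cfg["policies"][name]
            pol["from-zone"], pol["to-zone"] = from_zone, to_zone
            if kind == "then":
                pol["action"] = key      # 'then permit' / 'then deny'
            else:
                pol[key] = value         # source-address, destination-address, application
    return cfg


def _policy_permits(cfg, pol, prefix, port, proto, from_zone, to_zone):
    """Does this policy permit proto/port to the translated prefix between the two zones?"""
    if pol.get("action") != "permit" or (pol.get("from-zone"), pol.get("to-zone")) != (from_zone, to_zone):
        return False
    dst = cfg["addresses"].get(pol.get("destination-address", ""))
    if dst is None or dst[1] != prefix:
        return False
    app = cfg["apps"].get(pol.get("application", ""), {})
    return app.get("protocol") == proto and app.get("destination-port") == port


def check(config):
    """Return 'ERROR ...' and 'WARN ...' findings; no ERROR lines means the cross-references line up."""
    cfg = parse(config)
    findings = []
    for rs, data in cfg["rulesets"].items():
        if "from" not in data:
            findings.append(f"ERROR rule-set {rs}: no 'from zone' statement; a destination NAT rule-set needs one")
    for name, pol in cfg["policies"].items():
        dst, app = pol.get("destination-address", "any"), pol.get("application", "any")
        if dst != "any" and dst not in cfg["addresses"]:
            findings.append(f"ERROR policy {name}: destination-address {dst} is not defined in an address book")
        if app != "any" and not app.startswith("junos-") and app not in cfg["apps"]:
            findings.append(f"ERROR policy {name}: application {app} is not defined")
    for (rs, rule), r in cfg["rules"].items():
        target = r.get("destination-nat", "")
        pool = target.split()[1] if target.startswith("pool ") else None
        if pool not in cfg["pools"]:
            findings.append(f"ERROR rule {rule}: references undefined pool {pool}")
            continue
        prefix, port = cfg["pools"][pool]
        if r.get("destination-address") == "0.0.0.0/0":
            findings.append(f"WARN rule {rule}: matches every destination address; matching only the external interface address is tighter")
        from_zone = cfg["rulesets"][rs].get("from")
        to_zone = next((z for z, p in cfg["addresses"].values() if p == prefix), None)
        # Policy lookup runs after destination NAT, so the policy must match the translated address and port.
        permitting = [n for n, p in cfg["policies"].items()
                      if _policy_permits(cfg, p, prefix, port, r.get("protocol"), from_zone, to_zone)]
        if not permitting:
            findings.append(f"ERROR rule {rule}: no permit policy from {from_zone} to {to_zone} matches the post-NAT flow {r.get('protocol')}/{port} to {prefix}")
        for n in permitting:
            if cfg["policies"][n].get("source-address") == "any":
                findings.append(f"WARN policy {n}: source-address any admits every host in zone {from_zone} to {prefix}:{port}")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the lint reports no errors and two warnings (the 0.0.0.0/0 match and the source-address any policy). Drop the from-zone statement, or change the pool port so it no longer equals the application's destination-port, and it reports an error instead, which is the kind of mismatch that otherwise only shows up as a silently failing commit or a forwarded port that never connects.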