| The number of PBAs per public IP is calculated using the following formula: <num-pba-per-ip> = (<end-port> - <start-port> + 1) / <block-sz>
If the calculation results in a remainder, it will be truncated and not used.
The following command displays IP pool usage and resource details: diagnose firewall ippool list
Calculation examples:
The following calculations show that even if the end-port value differs, the number of PBAs per IP remains the same because the difference does not affect the integer division result.
Case 1: The calculation leaves 387 unused ports because they cannot form a complete block.
num-pba-per-ip = (65535 - 5117 + 1) / 448 = 134 remainder 387
ippool ippool-1: id=7, block-sz=448 ip-range=192.168.0.1-192.168.255.254 num-pba-per-ip=134 grp=N/A, start-port=5117, end-port=65535 npu-clients=0, npu-inuse-NAT-IPs=0, total-NAT-IP=65534 npu-total-PBAs=8781556, npu-inuse-PBAs=0/0, npu-free-PBAs=100.00%/100.00% npu-tcp-sess-count=0, npu-udp-sess-count=0
Case 2: The calculation divides evenly, so no ports are left unused.
num-pba-per-ip = (65148 - 5117 + 1) / 448 = 134 remainder 0
ippool ippool-1: id=7, block-sz=448 ip-range=192.168.0.1-192.168.255.254 num-pba-per-ip=134 grp=N/A, start-port=5117, end-port=65148 npu-clients=0, npu-inuse-NAT-IPs=0, total-NAT-IP=65534 npu-total-PBAs=8781556, npu-inuse-PBAs=0/0, npu-free-PBAs=100.00%/100.00% npu-tcp-sess-count=0, npu-udp-sess-count=0
Related documents: FortiGate 7.6.4 hyperscale Firewall Guide Port block allocation CGN IP pool FortiGate 7.6.4 hyperscale Firewall Guide Displaying IP pool usage information | 
