Central NAT behavior - exemption "no NAT" rule
Hello all - new to FortiGate Central NAT and just wanted to run something by the community here.
Looking to exempt NAT for a specific source and destination - while maintaining NAT\PAT to internet-bound destinations for the same source. My questions are, can a "No NAT" rule be created\utilized in Central NAT, and how are the rules parsed\matched? Assume top-down, correct?
Here's an example of what I'm after - 3 interfaces on the firewall. I just want to NOT NAT the FortiVoice IP when the destination is the CCUM server IP. Can I create a rule with those sources and destinations and just turn NAT off - then create a rule below for everything else internet-bound? Thanks in advance, all.
inside – outside – any – any – NAT\PAT - to internet
hosted – outside – FortiVoice IP – CCUM IPs – no NAT
hosted – outside – any – any – NAT\PAT - to internet
