Umesh
Explorer II
October 14, 2022
Question

DNAT with VIP is not working if nat disabled

  • October 14, 2022
  • 1 reply
  • 3140 views

Hi everyone,

 

I want to know whether I should disable NAT if we have configured DNAT with a VIP in a FortiGate firewall.

Reason - Let me know when we should enable or disable NAT.

FYI - If I enabled NAT then it is working; if it is disabled then it is not working.

Please find attached the diagram of what I am doing in my organization.

DNAT.jpg

1 reply

sagha
Staff
October 14, 2022

Hi @Umesh


> If I enabled NAT then it is working; if it is disabled then it is not working.

When you enable NAT, this means that SNAT is also taking place and this usually is the outgoing interface of FGT. This works because this is in the same subnet as the destination host you are trying to reach.

When you disable NAT in the policy, the original address would be used and I believe the destination host does not have a route to send traffic back to FGT.

Thank you. 

Shahan 

Toshi_Esumi
SuperUser
October 14, 2022

In other words, 10.1.1.400's default route is not pointing to 10.1.1.10, the FGT.

Toshi
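
The return-path reasoning in the replies above, modelled as an added example that is not part of the original thread or any Fortinet tooling. It assumes a /24 LAN; the client address, the 10.1.1.1 gateway and both routing tables are constructed, and only 10.1.1.10 (the FGT) comes from the thread.

```python
import ipaddress

FGT_LAN_IP = ipaddress.ip_address("10.1.1.10")    # FGT address named in the thread
CLIENT_IP = ipaddress.ip_address("203.0.113.25")  # constructed external client
LAN = ipaddress.ip_network("10.1.1.0/24")         # assumed prefix length
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed routing tables for the real server behind the VIP.
# A gateway of None means the destination is on-link (reached directly).
ROUTES_OTHER_GW = [(LAN, None), (ANY, ipaddress.ip_address("10.1.1.1"))]
ROUTES_VIA_FGT = [(LAN, None), (ANY, FGT_LAN_IP)]


def next_hop(routes, dst):
    """Longest-prefix match; an on-link route returns the destination itself."""
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None  # no route: the server cannot send the reply
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dst if gw is None else gw


def source_seen_by_server(client, policy_nat):
    """NAT on the policy rewrites the source to the FGT egress interface IP."""
    return FGT_LAN_IP if policy_nat else client


def reply_returns_via_fgt(routes, client, policy_nat):
    """True when the server hands its reply to the FGT, so the session completes."""
    reply_dst = source_seen_by_server(client, policy_nat)
    return next_hop(routes, reply_dst) == FGT_LAN_IP


if __name__ == "__main__":
    for name, routes in (("default via 10.1.1.1", ROUTES_OTHER_GW),
                         ("default via FGT", ROUTES_VIA_FGT)):
        for nat in (True, False):
            ok = reply_returns_via_fgt(routes, CLIENT_IP, nat)
            print(f"{name:22} NAT={nat!s:5} reply via FGT: {ok}")
```

With the default route pointing elsewhere, only the NAT-enabled policy brings the reply back through the FGT; once the server's default route (or a specific route for the client networks) points at the FGT, the policy works with NAT disabled and the server logs the real client address.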