swmar
New Member
November 5, 2016
Question

fortigate disable nat option

Dears,

I have a FortiGate 200D and I want to disable the NAT option once I create the firewall policy.

Could you please advise what other steps I need to configure in case I disable the NAT option in the policy?

When I enable NAT mode in the policy, the connectivity is OK, but when I disabled it I lost connectivity. I want to keep the source IP without NATing. Could you please advise about this?

Best Regards,

1 reply

rwpatterson
New Member
November 5, 2016

This is a very general question. 2 questions to you:

1) What direction is traffic flowing in this policy?

2) Is this policy connected to the Internet from a private address?

swmar
Author
New Member
November 5, 2016

Thanks for your reply. The direction is from internal to WAN 1.

It is a private network to the Internet.

Best Regards,

rwpatterson
New Member
November 5, 2016

If that is the case, then you need to have NAT enabled. Your ISP will drop all connections to the Internet with private IP addresses. You have to provide a routable, public IP address if you want your traffic to be present outside your walls. The only way you can do that is to have your own subnet(s), or to NAT your traffic to the IP address that your ISP provides you. (That is if they give you a public. Some only provide private IP addresses on a transit network to you.)

 

See the link for a definition/list of private IP address ranges:

https://tools.ietf.org/html/rfc1918

There is a newer one, but I don't recall the RFC number.

The latest is here:

https://tools.ietf.org/html/rfc5735
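
The rule in the reply above can be checked against a policy export. This is an added example, not part of the original thread and not Fortinet code: it flags policies that send RFC 1918 sources out a WAN interface without NAT. The sample config, the object name `lan_users` and the function names are constructed; it assumes subnet-type address objects and that a missing `set nat` line means NAT is off.

```python
import ipaddress
import shlex

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in FortiOS CLI style; the object name and subnet are made up.
SAMPLE = """
config firewall address
    edit "lan_users"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 1
        set dstintf "wan1"
        set srcaddr "lan_users"
    next
    edit 2
        set dstintf "wan1"
        set srcaddr "lan_users"
        set nat enable
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}} from FortiOS-style CLI text."""
    out, sec, ent = {}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            sec = out.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"] and sec is not None:
            ent = sec.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and ent is not None:
            ent[tok[1]] = tok[2:]
    return out

def policies_needing_nat(text, wan="wan1"):
    """Return (policy id, subnet) pairs sending RFC 1918 sources to WAN without NAT."""
    cfg, hits = parse(text), []
    for pid, pol in cfg.get("firewall policy", {}).items():
        # Assumption: a missing "set nat" line means NAT is off for that policy.
        if wan not in pol.get("dstintf", []) or pol.get("nat") == ["enable"]:
            continue
        for name in pol.get("srcaddr", []):
            subnet = cfg.get("firewall address", {}).get(name, {}).get("subnet")
            net = ipaddress.ip_network("/".join(subnet), strict=False) if subnet else None
            if net and any(net.subnet_of(r) for r in RFC1918):
                hits.append((pid, str(net)))
    return hits
```

On the sample, only policy 1 is reported; policy 2 has NAT enabled, and a source subnet outside the RFC 1918 ranges is not flagged.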