MVSantoshReddy
New Member
August 2, 2024
Question

FortiGate | inquiry on S-NAT IP Pool.

  • August 2, 2024
  • 4 replies
  • 1920 views

Hi Team,


We would like to seek your advice on the below.


The requirement is to NAT a single source IP to a dynamic IP pool for accessing a single host for each session. Is this feasible with FortiGate? If so, please provide the configuration steps.


4 replies

Sheikh
Staff
August 2, 2024

Hello @MVSantoshReddy

Check this article

regards,


Sheikh

MVSantoshReddy
New Member
August 2, 2024

Hello @Sheikh ,


Thank you for the response. The article provides an in-depth explanation of the formula, but I don't believe it addresses my requirement for a single source to multiple externals per session. Could you help me review and confirm if this is feasible with FortiGate?

Mrinmoy
Staff
August 2, 2024

Hi @MVSantoshReddy

Can you please provide details of your issue? It will help us to answer better.

MVSantoshReddy
New Member
August 3, 2024

The requirement is to NAT a single source IP to a dynamic IP pool, meaning that each time the actual source enters the firewall, it should leave with an external IP from the configured pool. Instead of using just one IP, it should allocate the next available IP for each new session created on the firewall, ensuring each session ID is unique. Is this achievable with FortiGate? If so, could you provide the configuration steps?

Source IP: 10.0.0.1/32
NATted IP Pool: 172.16.0.0/24
Destination IP: 10.0.1.123/32

Mrinmoy
Staff
August 6, 2024

I tested in the lab and it seems like this is not feasible. I am looking for some other option. I will keep you posted.

sw2090
SuperUser
August 7, 2024

Hm, since SNAT is done by policy, couldn't you create a policy to that destination IP that only matches that one source IP and has a NAT IP pool in it? Once you make sure no other policy matches that source and destination before it, that might do the trick?

Well, reading it again, I am not sure whether that matches the second part. I think SNAT takes the first IP from the pool and, once that is already in use, will take the next.
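The policy shape sw2090 describes, written out as FortiOS CLI, as an added example that is not from this thread or from Fortinet's documentation. The addresses are the ones MVSantoshReddy listed; the interface names port1/port2, the object names and the policy ID are assumptions. It scopes the IP pool to exactly one source and one destination so that no broader policy above it can claim the flow first, and it ends with the session-table check you would use to see which pool address a given session actually got. Which address is chosen per session depends on the pool type (overload, one-to-one, fixed-port-range or port-block-allocation), and the staff lab test earlier in the thread did not find a type that hands out the next pool address for every new session, so this configuration applies the pool to the flow but does not by itself meet that per-session requirement.

```fortios
# Added example (not from the thread). Address objects for the single
# source and single destination from the question.
config firewall address
    edit "SRC-10.0.0.1"
        set subnet 10.0.0.1 255.255.255.255
    next
    edit "DST-10.0.1.123"
        set subnet 10.0.1.123 255.255.255.255
    next
end

# The SNAT pool covering 172.16.0.0/24 (usable hosts .1 to .254).
# "type overload" is the default pool type; change it to one-to-one,
# fixed-port-range or port-block-allocation to compare how addresses
# are selected for the same source.
config firewall ippool
    edit "SNAT-POOL-172.16.0.0"
        set type overload
        set startip 172.16.0.1
        set endip 172.16.0.254
    next
end

# A policy that matches only this source/destination pair and applies
# the pool. Interface names are assumptions; adjust to your topology.
config firewall policy
    edit 10
        set name "SNAT-10.0.0.1-to-10.0.1.123"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "SRC-10.0.0.1"
        set dstaddr "DST-10.0.1.123"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "SNAT-POOL-172.16.0.0"
        set logtraffic all
    next
    # Policy lookup is top-down, first match wins: move this policy above
    # any wider policy that would also match 10.0.0.1 -> 10.0.1.123.
    # Replace <wider-policy-id> with the ID of that policy.
    move 10 before <wider-policy-id>
end

# Verification: open several sessions from 10.0.0.1 to 10.0.1.123, then
# list the sessions for that source. Each entry's "act=snat" line shows
# the original tuple followed by the translated pool address in
# parentheses, which is where you confirm whether consecutive sessions
# receive the same or different pool addresses.
diagnose sys session filter clear
diagnose sys session filter src 10.0.0.1
diagnose sys session filter dst 10.0.1.123
diagnose sys session list
```

Keep the policy's source and destination as /32 objects rather than reusing a wider subnet object; the narrower the match, the easier it is to prove that this policy, and not an earlier one, is the one performing the translation when you read the session list.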