kiclee
Explorer
August 17, 2022
Question

How should I check SNAT pool resource?

Hi

I would like to know how to check Source NAT pool resources.

I use interface Source NAT in many policies.

I am worried about whether a public IP will be exhausted or not.

Thanks

    sagha
    Staff
    August 17, 2022

    Hi kiclee,

    It would be difficult to check this because the traffic can vary at different times.

    You can do a session filter on the policy and then check the sessions established for that policy, which can give you an idea of how many sessions are using SNAT.

    FGT also has a feature to generate logs if such a problem is faced:

    https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-determine-whether-a-NAT-port-is-exhausted/ta-p/198590

    Thanks, 

    Shahan
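
The session check described in the reply above, as an added example that is not part of the original thread and is not Fortinet code: it counts the distinct translated source ports per NAT IP and protocol in saved session-list text. The line format, the sample data and the `ports_per_ip` figure are assumptions to adjust for your firmware and NAT configuration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of FortiGate `diagnose sys session list`
# output after `diagnose sys session filter policy <id>` (assumed format;
# addresses are documentation ranges, not a real capture).
SAMPLE = """\
session info: proto=6 proto_state=01 duration=12 expire=3587 timeout=3600
hook=post dir=org act=snat 10.0.0.11:50562->198.51.100.7:443(203.0.113.10:50562)
hook=pre dir=reply act=dnat 198.51.100.7:443->203.0.113.10:50562(10.0.0.11:50562)
session info: proto=6 proto_state=01 duration=3 expire=3596 timeout=3600
hook=post dir=org act=snat 10.0.0.12:41000->198.51.100.7:443(203.0.113.10:41000)
session info: proto=17 proto_state=01 duration=1 expire=179 timeout=180
hook=post dir=org act=snat 10.0.0.13:53124->198.51.100.53:53(203.0.113.10:5118)
session info: proto=6 proto_state=01 duration=40 expire=3559 timeout=3600
hook=pre dir=org act=noop 10.0.0.14:40000->10.0.1.5:22(0.0.0.0:0)
"""

PROTO_RE = re.compile(r"^session info: proto=(\d+)")
# The parenthesised pair on an act=snat line is the translated source IP:port.
SNAT_RE = re.compile(r"act=snat \S+->\S+\((\d+\.\d+\.\d+\.\d+):(\d+)\)")


def snat_port_usage(text):
    """Return {(nat_ip, ip_protocol): set of translated source ports in use}."""
    usage = defaultdict(set)
    proto = None
    for line in text.splitlines():
        line = line.strip()
        header = PROTO_RE.match(line)
        if header:
            proto = int(header.group(1))  # 6 = TCP, 17 = UDP
            continue
        snat = SNAT_RE.search(line)
        if snat and proto is not None:
            usage[(snat.group(1), proto)].add(int(snat.group(2)))
    return dict(usage)


def utilization(usage, ports_per_ip):
    """Percent of ports used; ports_per_ip is an operator-supplied assumption."""
    return {k: round(100 * len(v) / ports_per_ip, 2) for k, v in usage.items()}


if __name__ == "__main__":
    for (ip, proto), pct in utilization(snat_port_usage(SAMPLE), 60000).items():
        print(f"{ip} proto={proto}: {pct}% of assumed port range in use")
```

Because traffic varies over time, a single capture is only a snapshot; running this on captures taken at peak hours gives a more useful picture.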

    kiclee
    Author
    Explorer
    August 18, 2022

    Hi sagha,

    Thank you very much for your answer.

    It is really helpful for me.

    And can I ask you further questions?

    1. Is there an SNMP OID for the resource?

    2. How many sessions (PAT) can FortiGate provide per public IP?

    Thanks

    sagha
    Staff
    August 18, 2022

    Hi kiclee,

    Unfortunately, there is no SNMP for checking relevant SNAT ports as far as I know.

    For sessions, it depends on the source ports available. You can read here: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/898655/static-snat

    Thank you. 

    Shahan