Eric_Lackey
New Member
July 25, 2013
Question

NAT Reflection

We are moving from Watchguard firewalls over to Fortigate. There was a feature on the Watchguards that they called NAT Reflection. It allowed internal hosts to access other internal hosts through their public IP address rather than internal IP. For example, to access our mail server at mail.domain.com, our internal clients resolve the public IP of the mail server. This allows us to not have to maintain a separate DNS view for public and private. I feel like there is some way to do this with the Fortigate with Virtual IPs, but I'm having trouble figuring it out. Any ideas?

    4 replies

    Eric_Lackey
    New Member
    July 25, 2013
    I was overthinking this. It appears that the Fortigate just does this by default as long as you have NAT enabled on the profile.
    Dave_Hall
    New Member
    July 25, 2013
    Fortinet recently posted (or updated) a new KB for DNS translation that may be something you may want to consider -- I never tried it but find it somewhat nifty.
    rharland
    New Member
    July 26, 2013
    Off-topic, but we're in process for migration from Watchguard to Fortinet as well. Were there any significant platform-to-platform challenges that you weren't expecting? Thanks for any info.
    Eric_Lackey
    New Member
    July 26, 2013
    So far, I haven't experienced anything major. There is one bug I found in 5.0.3 that makes it seem as though the LDAP settings aren't working, but they actually are once you start trying to authenticate. If anything I've been a little overwhelmed by the number of features and options that Fortigate provides in each area. But, they seem to have good documentation on most of the features.