moelharrak
New Member
October 24, 2020
Question

NAT same port to Different internal IP addresses


Hi,

Is it possible on FortiGate to use the same port and NAT it to two different internal devices, depending on which source public IP is requesting the connection?

Example :

     Src-IP-1 + DST-Port-222 --> 192.168.1.100:222

     Src-IP-2 + DST-Port-222 --> 192.168.1.101:222

 

Thank you

1 reply

Toshi_Esumi
SuperUser
October 24, 2020

Yes, there is an option in VIP config to specify traffic by source IP(s). At least my 50E took the config below, although I haven't tested it.

 

    config firewall vip
        edit "VIPtest1"
            set src-filter "1.1.1.1"
            set service "SMTP"
            set extip x.x.x.x
            set extintf "WAN_INTERFACE"
            set portforward enable
            set mappedip "172.16.2.200"
            set mappedport 25
        next
        edit "VIPtest2"
            set src-filter "2.2.2.2"
            set service "SMTP"
            set extip x.x.x.x
            set extintf "WAN_INTERFACE"
            set portforward enable
            set mappedip "172.16.2.201"
            set mappedport 25
        next
    end
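An offline check for the kind of config shown in the reply above, added here as an example and not part of the original thread: it parses `config firewall vip` text and flags pairs of VIPs that share the same external IP, interface and port or service but are not kept apart by `src-filter`. It assumes `src-filter` values are single addresses, CIDR prefixes or low-high ranges; the sample addresses, the `wan1` interface name and the function names are constructed for illustration.

```python
import ipaddress
import re
from itertools import combinations

def vip(name, src, mapped):  # one constructed VIP entry shaped like the reply's config
    return (f'    edit "{name}"\n        set src-filter {src}\n'
            '        set extip 203.0.113.5\n        set extintf "wan1"\n'
            '        set portforward enable\n        set extport 222\n'
            f'        set mappedip "{mapped}"\n        set mappedport 222\n    next\n')

# Constructed sample; every address is a documentation placeholder.
SAMPLE = ("config firewall vip\n" + vip("VIPtest1", '"198.51.100.10"', "192.168.1.100")
          + vip("VIPtest2", '"198.51.100.20"', "192.168.1.101")
          + vip("VIPtest3", '"198.51.100.0/28" "192.0.2.1-192.0.2.9"', "192.168.1.102")
          + "end\n")

def parse_vips(text):  # -> {vip_name: {option: [values]}}
    vips, cur = {}, None
    for line in text.splitlines():
        tok = [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', line)]
        if len(tok) > 1 and tok[0] == "edit":
            cur = vips.setdefault(tok[1], {})
        elif len(tok) > 2 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2:]
        elif tok[:1] == ["next"]:
            cur = None
    return vips

def to_nets(spec):  # single address, CIDR prefix, or "low-high" range
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(spec, strict=False)]

def audit(vips):
    """Flag VIP pairs with the same external side that src-filter does not separate."""
    groups, findings = {}, []
    for name, v in vips.items():
        key = tuple((v.get(k) or [""])[0] for k in ("extip", "extintf", "extport", "service"))
        groups.setdefault(key, []).append(name)
    for names in groups.values():
        for a, b in combinations(names, 2):
            na, nb = ([n for s in vips[x].get("src-filter", []) for n in to_nets(s)] for x in (a, b))
            if not na or not nb:
                findings.append((a, b, "missing src-filter"))
            elif any(x.overlaps(y) for x in na for y in nb):
                findings.append((a, b, "overlapping src-filter"))
    return findings

print(audit(parse_vips(SAMPLE)))
```

In the sample, VIPtest1's source address falls inside VIPtest3's /28, so the result does not depend on source address alone for that pair; the reply's two single-address filters produce no finding.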