suthomas1
New Member
June 7, 2018
Question

Outbound natting


One of the internal systems with IP 10.58.0.11 needs to access another remote network.

10.58.0.11 is internal to us. The remote network is part of our organisation but geographically different.

10.58.0.11 is not routable to the remote network as they do not accept them. In this case, we will need to do an outbound NAT so a session from 10.58.0.11 to the remote network gets translated to a range that they accept, which is 10.82.0.x. Briefly, 10.58.0.11 needs to be translated outbound to one IP in 10.82.0.x so the remote site accepts it. I want to do this on a Fortinet firewall. Can someone please help with how it should be done?

Appreciate all help.

    1 reply

    Toshi_Esumi
    SuperUser
    June 7, 2018

    Create an IP pool with the 10.82.0 addresses and use it in an SNAT policy like below.

    http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-transparent/3-Networking/2-NAT/2-SNAT.htm?Highlight=ippool

    The default rule is "overload", but you can change the ippool type to something like one-to-one, etc., as explained below:

    http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-firewall/Object%20Configuration/IP%20Pools/Creating%20a%20IPv4%20Pool.htm?Highlight=ippool%20config

    suthomas1 (Author)
    New Member
    June 8, 2018

    Thank you. Is there any way for me to verify if this is working from the CLI or GUI?

    Toshi_Esumi
    SuperUser
    June 8, 2018

    The best way to confirm is "flow debug" or "debug flow" in the KB doc below. If you read each line of output, you can find the line swapping the source address from the local one to one of the IPs in the IP pool, based on the rule you've chosen.

    http://kb.fortinet.com/kb/viewContent.do?externalId=FD30038
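
The steps from the replies above, put together as one FortiOS CLI session. This is an added example, not part of the original thread or Fortinet's documentation: the object names, the interface names "internal" and "to-remote", and every value in angle brackets are assumptions or placeholders to replace with your own.

```fortios
# Lines starting with "#" are notes for the reader, not commands to type.
# Address objects: the internal host and the remote network (placeholder).
config firewall address
    edit "host-10.58.0.11"
        set subnet 10.58.0.11 255.255.255.255
    next
    edit "remote-net"
        set subnet <remote network> <netmask>
    next
end
# IP pool holding the single 10.82.0.x address the remote site accepts.
# The default type is overload; one-to-one pins the host to that address.
config firewall ippool
    edit "snat-to-remote"
        set type one-to-one
        set startip <chosen 10.82.0.x address>
        set endip <same 10.82.0.x address>
    next
end
# Policy scoped to this one source and destination, with SNAT to the pool.
# "edit 0" takes the next free policy ID.
config firewall policy
    edit 0
        set name "snat-10.58.0.11-to-remote"
        set srcintf "internal"
        set dstintf "to-remote"
        set srcaddr "host-10.58.0.11"
        set dstaddr "remote-net"
        set action accept
        set schedule "always"
        # Narrow this to the services the host actually needs.
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "snat-to-remote"
    next
end
# Verification: trace the next 20 packets sourced from the internal host.
diagnose debug reset
diagnose debug flow filter saddr 10.58.0.11
diagnose debug flow trace start 20
diagnose debug enable
# Generate traffic from 10.58.0.11, read the trace, then stop debugging.
diagnose debug disable
diagnose debug reset
# Cross-check against the live session table.
diagnose sys session filter src 10.58.0.11
diagnose sys session list
```

In the flow trace, look for the line where the source changes from 10.58.0.11 to the pool address; the matching session entry should show a source NAT action with the same translated address.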