rendyadnant
New Member
April 13, 2021
Question

Routing and IP NAT


Dear all,

 

I have a case on a Fortigate 100E like the one below (please see attachment):

Example: IP 192.168.40.250 (NAT IP: 11.17.59.36) is going to server ADPI (IP: 11.17.57.129).

It must go to the gateway (IP: 192.168.40.229), then go to the gateway IP 11.17.59.33.

After that, when the link is down, another link will come up to lintas (IP: 202.152.42.161).

My question is: in the firewall, after the IP arrives at the Fortigate (IP: 192.168.40.229), will the Fortigate read the NAT first (server ADPI must use the NAT IP) and then the routing, or the routing first and then the NAT?

Because we make the routing --> 0.0.0.0/0 --> 202.152.42.161, if the Forti reads the routing first, we cannot reach server ADPI at that time.

    1 reply

    Toshi_Esumi
    SuperUser
    April 13, 2021

    https://docs.fortinet.com/document/fortigate/6.2.0/parallel-path-processing-life-of-a-packet/86811/packet-flow-ingress-and-egress-fortigates-without-network-processor-offloading

    Direct answer would be in the diagram. SNAT is applied after routing decides which interface to go out.

     

    But when the link goes down, which is tied to 11.17.59.32/27, the other provider wouldn't route packets back to your FGT but would route to the original provider over the internet between the two providers. So it wouldn't work anyway. In other words, if the link from the original provider is down, the /27 is down as well.
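
Added example, not part of the original thread: a small Python model of the order stated in the reply above (the route lookup picks the egress interface, then SNAT is applied for that interface), using the addresses from the question. The interface names, the /32 route to the server and the SNAT table keyed on egress interface are assumptions for illustration, not FortiOS configuration.

```python
import ipaddress

# Constructed model of the thread's setup. Interface names, the /32 route to
# the server and the per-interface SNAT table are assumptions.
ROUTES = [
    # (destination prefix, next hop, egress interface)
    ("11.17.57.129/32", "11.17.59.33", "wan_primary"),
    ("0.0.0.0/0", "202.152.42.161", "wan_backup"),
]
# SNAT is keyed on the egress interface that routing has already chosen.
SNAT = {"wan_primary": {"192.168.40.250": "11.17.59.36"}}


def route_lookup(dst, links_up):
    """Longest-prefix match over routes whose egress link is up."""
    best = None
    for prefix, gw, dev in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dev in links_up and ipaddress.ip_address(dst) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, gw, dev)
    return best


def forward(src, dst, links_up):
    """Route first, then apply SNAT for the selected egress interface."""
    hit = route_lookup(dst, links_up)
    if hit is None:
        return None  # no usable route: the packet is dropped
    _, gw, dev = hit
    new_src = SNAT.get(dev, {}).get(src, src)  # SNAT happens after routing
    return {"egress": dev, "next_hop": gw, "src": new_src, "dst": dst}


def main():
    both = {"wan_primary", "wan_backup"}
    # Primary link up: the specific route wins, then the source is translated.
    print(forward("192.168.40.250", "11.17.57.129", both))
    # Primary link down: only the default route is left; no SNAT entry matches.
    print(forward("192.168.40.250", "11.17.57.129", {"wan_backup"}))


if __name__ == "__main__":
    main()
```

In this model the second call leaves through the backup interface with the source untranslated; the reply's point about return traffic for 11.17.59.32/27 applies regardless of what SNAT is configured there.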