Routing Traffic via Secondary IP Address (1:1 NAT)?

Question

Hi All,

I have a Forti 60D sitting behind a router.

The box is configured with LAN IP (e.g. 192.168.1.1/24) and secondary IP address (e.g. 10.18.18.2/28).

The router is at 10.18.18.1.

Currently in traceroute, the router is seeing 192.168.1.1 traffic as the source.

How to make the traffic to come out from the IP 10.18.18.2 as the source? is it possible on this box?

edit: Something came to mind, if the above is possible, would the change affect traffics coming from the 192.168.1.0/24 subnet? current ipv4 policy is NO NAT.

sw2090 · Answer

I have this constellation

there is several Roouters connected to my FortiGate for Internetaccess. Each is connected to one Port and that port and the router share a subnet. All Interfaces that are connected to routers for internet are members of sd-wan for load balancing.

The Policy for internet then is:

-incoming interface/address = where the traffic comes from

- outgoing interface = sdwan

- outgoing address = ANY

and then:

NAT enabled using the destination interface ip.

Since sdwan cares for the routing the packets will get NATed with the ip of the interface they have to go out to the internet. Works fine so far.

Instead of sdwan you could of course use a single wan too...

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded