SDWAN with NAT

Forum|Forum|9 months ago
August 27, 2025
2 replies
589 views

FGT-A have 2 different link to FGT-B, 1st link must enable the NAT and the 2nd link not use NAT.

How we can create policy to enable NAT only for 1st link, since in the firewall policy we use sdwan interface for the destination?

FortiGate

johnathan

Staff

This article covers your scenario: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-one-certain-IP-pool-per-a-SD-WAN-member/ta-p/240694

Never trust a computer you can't throw out a window.

HS08Author

Visitor III

But the link should be natted and use ip from the provider.

With this condition what should i put in start and end ip addr?

sulanmu7

New Member

Your DNATs (VIPs) must be assigned to a specific interface. You can't select an SD-WAN zone, but you can specify "any" as the source interface, then this VIP won't be associated only with a specific wan interface.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded