jgrimm77
New Member
February 9, 2022
Question

Selective NAT with SD-WAN


Hello,

The context is a firewall policy to an SD-WAN zone. 

Basic details: SD-WAN zone has two interface members: wan1 and GRE_Tun_0.

Is there any way for the policy to selectively NAT, depending on which zone interface gets used?

Example: traffic to wan1 must NAT but traffic to GRE_Tun_0 must not NAT?

Thanks.

1 reply

akristof
Staff
February 10, 2022

Hello,

Thank you for your question. In older versions of FortiOS, you could select each SDWAN member individually in a firewall policy, and that could be used for this.

In newer versions, the only option is to create 2 different SDWAN zones: one for wan1, a second for the GRE tunnel. Then you can have 2 firewall policies, one for each zone, where you can enable/disable NAT based on your requirements.

jgrimm77 (Author)
New Member
February 10, 2022

Hello and thanks for the feedback.

I didn't think of that but yeah, interesting idea to try. I'm testing how it works with Central NAT and that seems to do the trick as well...

akristof
Staff
February 10, 2022

Hello,

Central NAT also works; I didn't think about that. Good idea.