srini_rdp
New Member
September 4, 2018
Question

Static NAT not working

Hi,

We have one server in our LAN and we are going to connect to another server which is outside of our network. We have 2 ISPs connected to the FortiGate and we have a pool of /29 public IP addresses from both ISPs. Now we have done static NAT for our server using the ISP 1 IP pool and created an inbound policy; we can access the server from outside. But what we are facing now is that when my server is going out, it's not taking the NATted IP address as source; it's taking the main IP addresses which are configured as WAN1 & WAN2. Do I need to create a PBR for this?

Regards,

    2 replies

    Ashik_Sheik
    New Member
    September 4, 2018

    Hi,

    For incoming connections we use a VIP to map the public IP to the real server IP, and an incoming policy with the VIP as destination.

    But when the server accesses the internet, by default it is NATted to the WAN interface IP. You can change this to a dynamic IP pool to take the same pool while going out; you need another policy, IN to OUT, with NAT (here you should change the default interface IP to the NAT pool).

    Let us know if you need any further information.

    Regds,

    Ashik

    srini_rdp
    Author
    New Member
    September 4, 2018

    Hi Ashik,

    Thanks for your reply. We managed to find the solution: disabled the NAT in the edge router, working fine now.

    Regards,

    S

    ede_pfau
    SuperUser
    September 4, 2018

    If others are having similar questions:

    Using a VIP (= destination NAT) to access an internal server from WAN automatically ensures that outgoing traffic, be it replies or originating on the server, is source NATted to the specified external address.

    In older releases of FortiOS, this had to be handled by using an additional policy with an IP pool for SNAT.

    6zayn
    New Member
    September 12, 2018

    The IPs are quite hard to detect. However, it's a bit easy on LANs.