Cybersecurity Forum


MarcAnth
New Contributor

Network NAT

Good evening folks. It's been a number of years since I last worked with Fortinet products and I am in need of some direction. Specifically, I'm looking for the steps needed to configure a network NAT. We have use cases where I need to translate specific octets due to network overlaps.

 

As a working example:

172.16.0.0/16 <> 10.116.0.0/16

Maintaining the host designation is a requirement; e.g., 172.16.1.10/32 <> 10.116.1.10/32

Creating individual objects is not a feasible option since there are instances with a significant number of hosts.

1 REPLY
AndrKuhn
New Contributor

Hi Marc,

For Destination NAT you can create a VIP object which lets you specify an "External IP Address/Range" and the corresponding "Mapped IP Address/Range". As far as I know, the FG then does an exact mapping from e.g. 172.16.1.10 <> 10.116.1.10 when ranges 172.16.1.0/24 + 10.116.1.0/24 are configured.

 

For Source NAT you can create a DIP / IP Pool. When you click "Fixed Port Range" you get a config menu which lets you configure the External + Internal IP Range - but I'm not sure if this provides a 1:1 host NAT.

 

Kind regards,
Andreas
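
The host-preserving translation asked about above (172.16.0.0/16 <> 10.116.0.0/16, with 172.16.1.10 <> 10.116.1.10), as an added example that is not part of the original thread and is not Fortinet code. The function names and the observed pairs are hypothetical and constructed; the script computes the expected mapping, builds the matching external/mapped range strings, and flags translations that break the 1:1 host mapping.

```python
import ipaddress

def netmap(addr, src_net, dst_net):
    """Translate addr from src_net into dst_net, keeping the host bits."""
    src = ipaddress.ip_network(src_net, strict=True)
    dst = ipaddress.ip_network(dst_net, strict=True)
    ip = ipaddress.ip_address(addr)
    if src.version != dst.version or src.prefixlen != dst.prefixlen:
        raise ValueError("networks must share address family and prefix length")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) & int(src.hostmask)  # the part that must survive NAT
    return ipaddress.ip_address(int(dst.network_address) | host_bits)

def range_pair(src_net, dst_net):
    """Return (external_range, mapped_range) as 'first-last' strings."""
    src = ipaddress.ip_network(src_net, strict=True)
    first, last = src.network_address, src.broadcast_address
    mapped_first = netmap(first, src_net, dst_net)
    mapped_last = netmap(last, src_net, dst_net)
    return f"{first}-{last}", f"{mapped_first}-{mapped_last}"

def mismatches(observed, src_net, dst_net):
    """Return observed (original, translated) pairs that break the 1:1 mapping."""
    bad = []
    for orig, seen in observed:
        expected = netmap(orig, src_net, dst_net)
        if ipaddress.ip_address(seen) != expected:
            bad.append((orig, seen, str(expected)))
    return bad

# Constructed sample: (original address, address seen after translation).
OBSERVED = [
    ("172.16.1.10", "10.116.1.10"),   # host octets preserved
    ("172.16.200.7", "10.116.0.7"),   # third octet lost: not a 1:1 mapping
]

if __name__ == "__main__":
    print(netmap("172.16.1.10", "172.16.0.0/16", "10.116.0.0/16"))
    print(range_pair("172.16.1.0/24", "10.116.1.0/24"))
    for orig, seen, expected in mismatches(OBSERVED, "172.16.0.0/16", "10.116.0.0/16"):
        print(f"{orig}: saw {seen}, expected {expected}")
```

Comparing a handful of real translated sessions against `netmap` is a quick way to confirm whether a given VIP or IP pool configuration actually preserves the host portion.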
