Created on 11-17-2011 11:53 PM Edited on 01-31-2024 05:24 AM By Jean-Philippe_P
Description
This article explains the configuration of the Central NAT Table which can be found in FortiGate -> Firewall -> Central NAT Table.
Scope
FortiOS v4.0 and above.
Solution
Definition
The Central NAT Table gives the administrator more control over source port mapping: it allows source port range mapping with fixed port behaviour.
For example, with source port mapping from 1000-1500 to 5000-5500, this feature ensures that source ports are mapped 1000->5000, 1001->5001,..,1501->5501. Conventional IP-Pool mapping, by contrast, only allows a choice between fixed and dynamic port behaviour; it has no option to control source port range mapping.
With IP-Pool fixed port enabled, the source port number is preserved: it is translated into the same source port number.
Considerations
- Since the Central NAT Table feature inherits fixed port behavior, the environment must be set up so that the range of IP addresses is mapped uniquely, as in one-to-one static NAT.
- If Many-to-One source NAT is desired, this feature is not suitable, because there is a likelihood that connections from different PCs use the same source port number to access the same public Internet server.
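The following sketch models the fixed-offset port range mapping from the Definition and the collision risk from the Considerations. It is an added example, not FortiOS code; the function names, the IP addresses (documentation ranges) and the choice to leave out-of-range ports untranslated are assumptions made for illustration.

```python
from collections import defaultdict

ORIG_PORTS = (1000, 1500)   # original source port range (from the article)
NAT_PORTS = (5000, 5500)    # translated source port range (from the article)


def map_port(port, orig=ORIG_PORTS, nat=NAT_PORTS):
    """Fixed-offset range mapping: the n-th port of orig becomes the n-th port of nat."""
    if (orig[1] - orig[0]) != (nat[1] - nat[0]):
        raise ValueError("port ranges must be the same size")
    if not orig[0] <= port <= orig[1]:
        return None  # assumption of this model: ports outside the range are not mapped
    return nat[0] + (port - orig[0])


def find_collisions(flows, ip_map):
    """Return translated tuples claimed by more than one internal flow.

    flows:  iterable of (src_ip, src_port, dst_ip, dst_port)
    ip_map: internal IP -> external IP (the IP pool assignment)
    """
    seen = defaultdict(list)
    for src_ip, src_port, dst_ip, dst_port in flows:
        nat_port = map_port(src_port)
        if nat_port is None:
            continue
        seen[(ip_map[src_ip], nat_port, dst_ip, dst_port)].append((src_ip, src_port))
    return {k: v for k, v in seen.items() if len(v) > 1}


# Constructed sample: two PCs pick the same source port towards the same server.
FLOWS = [
    ("10.0.0.10", 1001, "203.0.113.80", 443),
    ("10.0.0.11", 1001, "203.0.113.80", 443),
    ("10.0.0.11", 1200, "203.0.113.80", 443),
]
ONE_TO_ONE = {"10.0.0.10": "198.51.100.10", "10.0.0.11": "198.51.100.11"}
MANY_TO_ONE = {"10.0.0.10": "198.51.100.10", "10.0.0.11": "198.51.100.10"}

if __name__ == "__main__":
    print(map_port(1000), map_port(1001), map_port(1500))
    print("one-to-one :", find_collisions(FLOWS, ONE_TO_ONE))
    print("many-to-one:", find_collisions(FLOWS, MANY_TO_ONE))
```

With the one-to-one assignment every translated tuple is unique; with the many-to-one assignment both PCs end up on the same external IP and port 5001 towards the same server, which is the ambiguity the Considerations warn about.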
How to configure the Central NAT Table:
1) Firewall > Policy > IP-Pool
- Define the IP mapping from internal to external
2) Firewall > Policy > Central NAT Table
- Configure Central NAT Table with source port mapping
3) Firewall > Policy > Policy
- Define a firewall policy with Central NAT Table enabled
Note: In FortiOS v4.3, the Central NAT Table is disabled by default.
To enable the Central NAT Table, go to System > Admin > Display Options in the GUI and check "Central NAT Table".