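In the case of mis-configuration, the result in the first session list below could occur: traffic to 8.8.8.8 is source-translated to 1.1.1.2 instead of 172.31.17.238. The intended translations are:
Source IP | Destination IP | Translated IP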
172.30.30.2 Internet 172.31.17.238
172.30.30.2 160.0.0.0/8 1.1.1.2
172.30.30.3 160.0.0.0/8 1.1.1.3
(…)
172.30.30.254 160.0.0.0/8 1.1.1.254
FGT # get sys session list
PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
icmp 7 172.30.30.2:4238 1.1.1.2:4238 160.0.0.1:8
icmp 59 172.30.30.2:4247 1.1.1.2:4247 8.8.8.8:8
config firewall vip
edit "VIP-1.1.1.0-24"
set uuid 51944978-6e67-51e5-8e57-a7ead026b0d2
set extip 1.1.1.0-1.1.1.255
set extintf "any"
set srcintf-filter "port3"
set mappedip "172.30.30.0-172.30.30.255"
next
edit "VIP-172.31.17.238"
set uuid 7f8a86f8-6e67-51e5-e59b-a97f9ae1973c
set extip 172.31.17.238
set extintf "any"
set srcintf-filter "port4"
set mappedip "172.30.30.2"
next
end
config firewall policy
edit 6
set uuid 063d0846-6b5d-51e5-8435-10c0987913cc
set srcintf "any"
set dstintf "any"
set srcaddr "160.0.0.0-8"
set dstaddr "VIP-1.1.1.0-24"
set action accept
set schedule "always"
set service "ALL"
next
edit 5
set uuid 3e27056a-6b47-51e5-9ba9-085cbfb0c040
set srcintf "any"
set dstintf "any"
set srcaddr "172.30.30.0-24"
set dstaddr "160.0.0.0-8"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
edit 7
set uuid a16c054e-6e67-51e5-3bf4-19b25c3782be
set srcintf "any"
set dstintf "any"
set srcaddr "all"
set dstaddr "VIP-172.31.17.238"
set action accept
set schedule "always"
set service "ALL"
next
edit 4
set uuid 117535a0-6e67-51e5-7705-3cfb33050c2b
set srcintf "any"
set dstintf "any"
set srcaddr "172.30.30.0-24"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end
FGT # get sys session list
PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
icmp 59 172.30.30.2:4284 1.1.1.2:4284 160.0.0.1:8 -
icmp 45 172.30.30.2:4283 172.31.17.238:4283 8.8.8.8:8 -