FortiGate
caunon
Staff
Article Id 195272

Description

 
This article describes how to send outbound traffic with a specific source IP address that is not the wan1 or wan2 IP address of the external interface.

Use the IP Pool with the firewall policy to do this.


Scope

 

FortiGate.


Solution

 

For v5.0:

  1. Using the GUI, go to Firewall Objects -> Virtual IPs -> IP Pools -> Create New and set the parameter values as follows:

 

Name : NAT24

Type : Overload
External IP Range/Subnet : 24.24.24.24-24.24.24.24
ARP Reply : enable

 


 

  2. Create the firewall policy from the source interface to the destination interface as required, and enable NAT. Select the option 'Use Dynamic IP Pool' and choose the pool that was created in the previous step (for example, 'NAT24').

 
For v7.0, v7.2, v7.4, v7.6:

 

  1. Using the GUI, go to Policy & Objects -> IP Pools -> Create New and set the parameter values as follows:

 

Name : NAT24

Type : Overload

External IP Range/Subnet : 24.24.24.24-24.24.24.24

ARP Reply : enable

 

[Screenshots: IP Pool settings in the v7.0, v7.2, v7.4 GUI and in the v7.6 GUI]

  2. Create the firewall policy from the source interface to the destination interface as required, and enable NAT. Select the option 'Use Dynamic IP Pool' and choose the pool that was created in the previous step (for example, 'NAT24').

 

[Screenshots: firewall policy NAT settings in the v7.0, v7.2, v7.4 GUI and in the v7.6 GUI]

When traffic passes through this firewall policy, its source address is translated to the IP address of the IP Pool (NAT24 with 24.24.24.24) as required.
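To confirm from a configuration backup that a policy really uses the pool, the following added example (not part of the original article) parses the `config firewall ippool` and `config firewall policy` sections and reports the source range each NAT-enabled policy translates to. The embedded configuration is a constructed sample showing the CLI form of the GUI settings above; the policy IDs 10 and 11 and the interface name "wan1" are assumptions.

```python
# Constructed sample (CLI form of the GUI settings); IDs and "wan1" are assumptions.
SAMPLE_CONFIG = """
config firewall ippool
    edit "NAT24"
        set type overload
        set startip 24.24.24.24
        set endip 24.24.24.24
        set arp-reply enable
    next
end
config firewall policy
    edit 10
        set dstintf "wan1"
        set nat enable
        set ippool enable
        set poolname "NAT24"
    next
    edit 11
        set nat enable
    next
end
"""

def parse_section(config, section):
    """Return {entry: {option: value}} for one flat 'config <section>' block."""
    entries, current, active = {}, None, False
    for line in map(str.strip, config.splitlines()):
        if line == f"config {section}":
            active = True
        elif active and line == "end":
            break
        elif active and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif active and current is not None and line.startswith("set "):
            _, key, value = line.split(None, 2)
            current[key] = value.replace('"', "")
    return entries

def audit_snat(config):
    """Map each NAT-enabled policy ID to the source range it translates to."""
    pools, result = parse_section(config, "firewall ippool"), {}
    for pid, pol in parse_section(config, "firewall policy").items():
        if pol.get("nat") != "enable":
            continue  # no source NAT on this policy
        if pol.get("ippool") == "enable":
            pool = pools.get(pol.get("poolname", ""))  # single pool assumed
            result[pid] = f'{pool["startip"]}-{pool["endip"]}' if pool else "unknown-pool"
        else:
            result[pid] = "interface-ip"  # NAT to the egress interface address
    return result
```

A policy reported as `interface-ip` has NAT enabled without a dynamic IP pool, so its traffic leaves with the outgoing interface address rather than the pool address.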

Related article:
Technical Tip: Mapping VIP outbound connections (Source NAT)