skobayashi_FTNT

Description

This article notes that the source NAT port range was changed in FortiOS firmware versions 4.00 MR2 Patch 9 and later, and 4.00 MR3 Patch 2 and later.

This article should be read in conjunction with KB article FD30357 "How FortiOS selects unused NAT ports". The fundamentals of how FortiOS uses its source port range for source NAT (SNAT) are described in that article.


Scope

FortiOS firmware version 5.0 and later
FortiOS firmware version 4.0 MR3 Patch 2 and later patch release
FortiOS firmware version 4.0 MR2 Patch 9 and later patch release


Solution

Prior to FortiOS 4.2.9/4.3.2

As described in KB article FD30357, the port range was 0x7000 (28672) to 0xF000 (61440), so there were 0x8000 (32768) possible ports that could be used as the source NAT port.

On FortiOS 4.2.9/4.3.2 and later

The port range has been changed to 0x13FD (5117) through 0xFFFC (65532), so there are now 0xEC00 (60416) possible ports.

Related Articles

Technical Note: How FortiOS selects unused NAT ports

Technical Note: How to determine whether a NAT port is exhausted on a FortiGate

Technical Note: Protocol 41 (6 in 4) Session Clash Explanation