skobayashi_FTNT
Staff
Created on 05-08-2013 03:57 AM Edited on 03-24-2022 11:34 AM By Anonymous
Article Id
191770
Description
This article notes that the source NAT port range was changed in FortiOS firmware versions 4.00 MR2 Patch 9 and later, and 4.00 MR3 Patch 2 and later.
This article should be read in conjunction with KB article FD30357 "How FortiOS selects unused NAT ports". The fundamentals of how FortiOS uses its source port range for source NAT (SNAT) are described in that article.
Scope
FortiOS firmware version 5.0 and later
FortiOS firmware version 4.0 MR3 Patch 2 and later patch release
FortiOS firmware version 4.0 MR2 Patch 9 and later patch release
Solution
Prior to FortiOS 4.2.9/4.3.2
As described in KB article FD30357, the SNAT port range was 0x7000 (28672) to 0xF000 (61440), giving 0x8000 (32768) possible ports that could be used as the source NAT port.
On FortiOS 4.2.9/4.3.2 and later
The port range is now 0x13FD (5117) through 0xFFFC (65532) inclusive, giving 0xEC00 (60416) possible ports, nearly twice the earlier pool before port exhaustion is reached on a single SNAT address.
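The following is an added example, not code from the Fortinet KB article or from FortiOS. It encodes the two SNAT port ranges given above and uses them for two practical checks: classifying source ports seen on the outside of a FortiGate to tell whether the device can only be using the newer range (the old range lies entirely inside the new one, so only ports below 0x7000 or at 0xF000 and above are conclusive), and estimating what fraction of a pool the distinct observed ports consume. The sample port list is constructed, and the assumption that every listed port was assigned by the FortiGate's SNAT is stated in the code; the older range is modelled with an exclusive upper bound so that its size matches the article's count of 0x8000 ports, which is also an assumption.

```python
# Added example, not code from the Fortinet KB article or from FortiOS.
# It checks observed source ports against the two SNAT port ranges the
# article documents and estimates how much of a pool is consumed.

# Pre-4.2.9/4.3.2 range: the article gives 0x7000..0xF000 and counts
# 0x8000 (32768) ports, so the upper bound is treated here as exclusive
# (assumption) and the pool modelled as 0x7000..0xEFFF inclusive.
OLD_RANGE = (0x7000, 0xEFFF)
# 4.2.9/4.3.2 and later: 0x13FD..0xFFFC inclusive = 0xEC00 (60416) ports.
NEW_RANGE = (0x13FD, 0xFFFC)


def pool_size(port_range):
    """Number of ports in an inclusive (low, high) range."""
    low, high = port_range
    return high - low + 1


def in_range(port, port_range):
    low, high = port_range
    return low <= port <= high


def classify_port(port):
    """Which SNAT pool(s) could have produced this source port.

    The old range lies entirely inside the new one, so a port is either in
    'both', in the 'new-only' bands (5117..28671 and 61440..65532), or
    'outside' every FortiGate SNAT range.
    """
    old = in_range(port, OLD_RANGE)
    new = in_range(port, NEW_RANGE)
    if old and new:
        return "both"
    if new:
        return "new-only"
    return "outside"


def infer_snat_range(observed_ports):
    """Infer which SNAT range a FortiGate is using from source ports seen
    on its outside interface. Assumes every listed port was assigned by
    the FortiGate's SNAT (constructed input in this example).

    'new'          -> at least one port only the newer range can produce
    'inconclusive' -> all ports fall inside the old range (a subset of the new)
    'unexpected'   -> a port outside both ranges, so it is not a SNAT port
    """
    classes = {classify_port(p) for p in observed_ports}
    if "outside" in classes:
        return "unexpected"
    if "new-only" in classes:
        return "new"
    return "inconclusive"


def pool_utilisation(observed_ports, port_range):
    """Fraction of the pool consumed by the distinct observed ports in it."""
    used = {p for p in observed_ports if in_range(p, port_range)}
    return len(used) / pool_size(port_range)


# Constructed sample: source ports from a hypothetical capture of NATed
# traffic leaving the FortiGate (30000 appears twice on purpose).
SAMPLE_PORTS = [5117, 5200, 30000, 30000, 45000, 61440, 65532]

if __name__ == "__main__":
    print("old pool:", pool_size(OLD_RANGE), "ports")
    print("new pool:", pool_size(NEW_RANGE), "ports")
    for p in SAMPLE_PORTS:
        print(p, classify_port(p))
    print("inferred range:", infer_snat_range(SAMPLE_PORTS))
    print("new-pool utilisation: %.6f" % pool_utilisation(SAMPLE_PORTS, NEW_RANGE))
```

Ports that fall only inside the old range are inconclusive on their own, since a device on the newer firmware allocates from that band as well; only a port below 0x7000 or at 0xF000 and above proves the wider range is in use.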
Related Articles
Technical Note: How FortiOS selects unused NAT ports
Technical Note: How to determine whether a NAT port is exhausted on a FortiGate.
Technical Note: Protocol 41 (6 in 4) Session Clash Explanation