# config system interfaceTraffic from client to internet:
edit "test"
set vdom "internal"
set ip 1.1.10.1 255.255.255.252 <-----
set type loopback
set role lan
set snmp-index 18
next
end
# config firewall ippool
edit "1.1.10.1"
set startip 1.1.10.1
set endip 1.1.10.1
next
end
# config firewall policy
edit 3
set srcintf "lan"
set dstintf "wan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "PING"
set ippool enable
set poolname "1.1.10.1"
set nat enable
next
end
dracarys-kvm13 (internal) # id=20085 trace_id=32 func=print_pkt_detail line=5742 msg="vd-internal:0 received a packet(proto=1, 172.31.131.2:1->8.8.8.8:2048) from lan. type=8, code=0, id=1, seq=19."
id=20085 trace_id=32 func=init_ip_session_common line=5913 msg="allocate a new session-0005fe7e"
id=20085 trace_id=32 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-10.40.48.39 via wan"
id=20085 trace_id=32 func=fw_forward_handler line=799 msg="Allowed by Policy-3: SNAT" <<< Matches the lan to wan policy
id=20085 trace_id=32 func=ids_receive line=298 msg="send to ips"
id=20085 trace_id=32 func=__ip_session_run_tuple line=3486 msg="SNAT 172.31.131.2->1.1.10.1:60417" << SNAT is applied using ippool
Response traffic from server to 1.1.10.1:
id=20085 trace_id=33 func=print_pkt_detail line=5742 msg="vd-internal:0 received a packet(proto=1, 8.8.8.8:60417->1.1.10.1:0) from wan. type=0, code=0, id=60417, seq=19."
id=20085 trace_id=33 func=resolve_ip_tuple_fast line=5823 msg="Find an existing session, id-0005fe7e, reply direction"
id=20085 trace_id=33 func=__ip_session_run_tuple line=3500 msg="DNAT 1.1.10.1:0->172.31.131.2:1"
id=20085 trace_id=33 func=vf_ip_route_input_common line=2621 msg="find a route: flag=00000000 gw-172.31.131.2 via lan"
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.