Technical Tip: Configuring 'One-to-One' Source NAT...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 364319

Description

This article describes how to configure IP Pools on Policy-based NGFW mode.

Scope

FortiGate.

Solution

Let's assume that three IP addresses are required to be source NATed for a particular public IP address each.

User 1: 192.168.9.129----Nated to---> 91.255.251.153/32.
User 2: 192.168.9.130----Nated to---> 91.255.251.154/32.
User 3: 192.168.9.131----Nated to---> 91.255.251.155/32.

In this article, the configuration related to User 1 will only be explained, for the other two users, it is required to apply the same configurations for the IP pool and Central NAT policies.

Configure Three IP pools with the type 'One-to-One', in each pool, add the IP addresses that are needed to NAT to:

IPPool 1: 91.255.251.153-91.255.251.153.
IPPool 2: 91.255.251.154-91.255.251.154.
IPPool 3: 91.255.251.155-91.255.251.155.

Below is an example of IPPool 1:

IP POOL.png

Configure Three Central NAT policies for each.

Below is an example of how to configure it for the first user. In the second and third central NAT policies, it is required to change the source addresses and the IPPool.
Configure the Security Policy from the Source interface to the destination interface as shown below:

1441

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: Configuring 'One-to-One' Source NAT on Policy-based NGFW

You are leaving our website