FortiGate
acvaldez
Staff
Article Id 202269
Description

This article describes how to enable and configure central SNAT on FortiGate.
Scope

FortiGate.

Solution

Enable Central SNAT.

 

config system settings
    set central-snat enable
end

 

Sample Central SNAT configuration:

 

From the CLI:

 

config firewall central-snat-map
    edit 1
        set uuid be665abc-69d5-51ec-ab33-ac04c07f7190
        set srcintf "port4"
        set dstintf "port5"
        set orig-addr "all"
        set dst-addr "all"
    next
end

 

From the GUI:

 

Navigate to Policy & Objects -> Central SNAT and select 'Create New'.

 


 

If the FortiGate NGFW mode is policy-based and central NAT is enabled, it is necessary to configure SSL Inspection and authentication policies along with a security policy in order to allow the traffic.

 


 

show
config firewall policy
    edit 2
        set name "Test"
        set uuid 7134a43c-8ed2-51ee-3ddb-e26cd3f2459c
        set srcintf "port4"
        set dstintf "port5"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
    next
end
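
Added example (not part of the original article and not Fortinet code): a Python check over a saved configuration that lists central-snat-map entries with no 'config firewall policy' entry on the same interface pair when central SNAT and policy-based NGFW mode are both on. The function names and the sample text are constructed for illustration; it assumes the mode appears as 'set ngfw-mode policy-based' under system settings and compares interface names exactly (no special handling of "any").

```python
import shlex

# Constructed sample: the article's entries plus a second SNAT entry that has no policy.
SAMPLE = '''
config system settings
    set ngfw-mode policy-based
    set central-snat enable
end
config firewall central-snat-map
    edit 1
        set srcintf "port4"
        set dstintf "port5"
    next
    edit 2
        set srcintf "port6"
        set dstintf "port5"
    next
end
config firewall policy
    edit 2
        set srcintf "port4"
        set dstintf "port5"
    next
end
'''

def parse(text):
    """Return {section: {entry_id: {key: [values]}}}; entry_id is None outside 'edit'."""
    cfg, section, entry, depth = {}, None, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "end"):
            depth += 1 if tok[0] == "config" else -1
            if depth == 1 and tok[0] == "config":
                section, entry = " ".join(tok[1:]), None
        elif depth == 1 and tok[0] in ("edit", "next"):
            entry = tok[1] if tok[0] == "edit" else None
        elif depth == 1 and tok[0] == "set":  # nested config blocks are skipped
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def unmatched_snat_entries(text):
    """IDs of central-snat-map entries with no firewall policy on the same interface pair."""
    cfg = parse(text)
    st = cfg.get("system settings", {}).get(None, {})
    if st.get("central-snat") != ["enable"] or st.get("ngfw-mode") != ["policy-based"]:
        return []  # the requirement only applies when both settings are on
    pairs = lambda e: {(s, d) for s in e.get("srcintf", []) for d in e.get("dstintf", [])}
    covered = set().union(*(pairs(p) for p in cfg.get("firewall policy", {}).values()))
    return [i for i, e in cfg.get("firewall central-snat-map", {}).items()
            if not pairs(e) <= covered]
```

Run it against a configuration backup by passing the file's text to unmatched_snat_entries(); an empty list means every SNAT entry has a policy on the same interface pair.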