The number of PBAs per public IP is calculated using the following formula:

<num-pba-per-ip> = (<end-port> - <start-port> + 1) / <block-sz>

If the calculation results in a remainder, it will be truncated and not used.

The following command displays IP pool usage and resource details:

diagnose firewall ippool list

Calculation examples:

The following calculations show that even if the end-port value differs, the number of PBAs per IP remains the same because the difference does not affect the integer division result.

Case 1: The calculation leaves 387 unused ports because they cannot form a complete block.

num-pba-per-ip = (65535 - 5117 + 1) / 448 = 134 remainder 387

ippool ippool-1: id=7, block-sz=448
        ip-range=192.168.0.1-192.168.255.254
        num-pba-per-ip=134
        grp=N/A, start-port=5117, end-port=65535
        npu-clients=0, npu-inuse-NAT-IPs=0, total-NAT-IP=65534
        npu-total-PBAs=8781556, npu-inuse-PBAs=0/0, npu-free-PBAs=100.00%/100.00%
        npu-tcp-sess-count=0, npu-udp-sess-count=0

Case 2: The calculation divides evenly, so no ports are left unused.

num-pba-per-ip = (65148 - 5117 + 1) / 448 = 134 remainder 0

ippool ippool-1: id=7, block-sz=448
        ip-range=192.168.0.1-192.168.255.254
        num-pba-per-ip=134
        grp=N/A, start-port=5117, end-port=65148
        npu-clients=0, npu-inuse-NAT-IPs=0, total-NAT-IP=65534
        npu-total-PBAs=8781556, npu-inuse-PBAs=0/0, npu-free-PBAs=100.00%/100.00%
        npu-tcp-sess-count=0, npu-udp-sess-count=0

Related documents:

FortiGate 7.6.4 hyperscale Firewall Guide Port block allocation CGN IP pool 

FortiGate 7.6.4 hyperscale Firewall Guide Displaying IP pool usage information