FortiGate
Shashwati
Staff
Article Id 330780
Description This article describes how to configure a custom SNAT port range using a firewall IP Pool of type Port Block Allocation (PBA).
Scope FortiOS 7.6.X
Solution
  1. Navigate to Policy & Objects -> IP Pools -> Create new and select the IP Pool type Port Block Allocation.

  2. Set the Start port and End port of the SNAT port range as required.

  3. By default the start port is 5117 and the end port is 65533; leave these values unless a custom range is required.


  4. Configure the firewall policy with NAT enabled and this IP Pool selected as the dynamic IP pool.

  5. With a block size of 64 and 8 blocks per user, as configured here, the maximum number of SNAT ports usable by a single user (per internal IP address) is 512 (64*8).


Note: This firewall policy controls the outbound internet connections of the internal hosts and caps each internal IP address at its allocated port blocks, so a single host cannot consume the whole pool. Sizing the SNAT port range and the number of frontend (pool) IPs against the size of the private subnets helps prevent SNAT port exhaustion: each frontend IP provides (end port - start port + 1) / block size port blocks, and each internal host consumes num-blocks-per-user of them. With the values shown above (ports 5117-65533, 64-port blocks, 8 blocks per host) that is 943 full blocks, or about 117 concurrently active internal hosts, per frontend IP.
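The CLI equivalent of the GUI steps above, as an added example that is not part of the original article. The pool name, the public and private addresses, the interface names, the address object "LAN-192.168.10.0" (assumed to already exist) and the policy ID are hypothetical; the custom port range 10000-60000 is chosen only to show the range being narrowed from the 5117-65533 default.

```fortios
# Added example, not from the original article.
# 1) IP Pool of type Port Block Allocation with a custom SNAT port range.
#    203.0.113.10-203.0.113.11 are two hypothetical frontend (public) IPs.
config firewall ippool
    edit "PBA-SNAT-Pool"
        set type port-block-allocation
        set startip 203.0.113.10
        set endip 203.0.113.11
        set block-size 64
        set num-blocks-per-user 8
        set startport 10000
        set endport 60000
    next
end

# 2) Outbound policy that performs SNAT from the pool.
#    port2 = internal interface, port1 = WAN interface (hypothetical names).
config firewall policy
    edit 10
        set name "LAN-to-Internet-PBA"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN-192.168.10.0"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "PBA-SNAT-Pool"
        set logtraffic all
    next
end
```

With 64-port blocks and 8 blocks per user, each internal host is still limited to 512 SNAT ports; narrowing the range to 50001 ports leaves 781 full blocks, or 97 concurrently active hosts, per frontend IP, so check that the range times the number of pool IPs covers the private subnet before deploying. After committing, `diagnose firewall ippool-all list` shows the pool and `diagnose firewall ippool-all stats PBA-SNAT-Pool` shows how many blocks are in use, which is the figure to watch for impending exhaustion.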


Related articles:

Technical Tip: How to configure SNAT with IP pool
Dynamic SNAT - FortiGate administration guide
