nnair
Staff
Article Id 254217
Description
This article describes how to enable the STUN protocol in a policy.
Scope
All versions of FortiGate.
FortiGate must be in Profile-Based Mode (with or without Central SNAT enabled).
Solution

By default, the STUN option is hidden in policies.

To make the hidden option available:

config firewall policy
    edit 1
        set action accept
        set nat enable
        set permit-any-host disable
        set permit-stun-host disable
end

After enabling NAT and setting the policy action to 'accept', the STUN option becomes visible on the same policy. See the screenshots below.

Without NAT enabled and without a set action:

[Screenshot: image.png]

After enabling NAT and setting the action to 'accept':

[Screenshot: image.png]
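
An added example, not part of the original article and not Fortinet code: a Python audit of a configuration backup that reports, for each firewall policy, whether the STUN option is available under the rule described above (action 'accept' plus NAT enabled) and whether permit-stun-host or permit-any-host is switched on. The function names and the sample backup are constructed for illustration, and the script assumes a setting missing from the backup is at 'disable'.

```python
# Constructed sample laid out like a FortiGate configuration backup.
SAMPLE = """config firewall policy
    edit 1
        set action accept
        set nat enable
        set permit-stun-host enable
    next
    edit 2
        set action accept
        set nat enable
    next
    edit 3
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy id: {setting: value}} for 'config firewall policy'."""
    policies, current, depth = {}, None, 0
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if depth == 0:                      # outside the policy table
            depth = int(tok == ["config", "firewall", "policy"])
        elif tok[0] == "config":            # nested table inside an entry
            depth += 1
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = policies.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:]).strip('"')
    return policies

def stun_report(policies):
    """Per policy: is the STUN option available (article's rule), and is it on?"""
    # Assumption: a setting absent from the backup is at its 'disable' default.
    return {pid: {
        "option_available": s.get("action") == "accept" and s.get("nat") == "enable",
        "permit_stun_host": s.get("permit-stun-host", "disable"),
        "permit_any_host": s.get("permit-any-host", "disable"),
    } for pid, s in policies.items()}

if __name__ == "__main__":
    for pid, row in stun_report(parse_policies(SAMPLE)).items():
        print(pid, row)
```

Policies reported with permit_stun_host or permit_any_host set to 'enable' are the ones to review against the services that actually need inbound UDP through NAT.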