| Description | This article describes the steps for resolving the error 'Cannot enable central-nat error with firewall policy using ippool'. |
| Scope | FortiGate. |
| Solution |
While trying to enable the Central NAT setup on the firewall there should not be any reference for any IP Pool configured on the firewall. If the IP Pool is configured on the firewall and is referenced on the firewall policy it shows the below error message while trying to enable the central-nat on the firewall.
The above error message shows the policy ID, where the IP Pool is referenced. If there are multiple IP Pool configured on the firewall then the reference can be viewed under 'Policy&Objects -> IP Pools' as shown below.
Selecting the reference number will show all the policies where it is referenced so it will be easier to locate and remove the IP Pool object.
The above error is expected while enabling Central NAT as it will change the application of VIP and IP Pool and any reference made to these objects needs to be removed before configuring the Central NAT.
There will be a similar error if there is any VIP applied to the firewall policy.
So before enabling central-nat, remove all the references to the NAT and IP Pool configured on the firewall and thereafter run the below commands and it should not show any error message.
FGT # config sys settings FGT (settings) # set central-nat enable FGT (settings) # end |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR (on-premise)
- FortiNAC-F
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPresence
- FortiPortal
- FortiProxy
- FortiRecon
- FortiSRA
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiTester
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: How to resolve the 'cannot enable c...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.