FortiGate
dbhavsar
Staff
Article Id 271208
Description This article describes how to use a custom IP Pool when SD-WAN is configured.
Scope FortiGate v6.2 or later.
Solution
  1. Create a custom IP Pool and bind it to a specific interface, as described in 'Technical Tip: How to associate a NAT pool (IP pool) to a physical interface of an SD-WAN'.

  2. In the example below, a pool has been created and associated with WAN1:


[Screenshot: ip-pool.jpg]

  3. Create an SD-WAN rule for a particular subnet or for all sources, set the destination to 'all', and select WAN1 as the outgoing interface preference:


[Screenshot: sdwan-rule.jpg]

  4. A firewall policy with dynamic outbound NAT is needed, as shown below:


[Screenshot: fw-policy-cli.jpg]

[Screenshot: fw-policy-gui.jpg]

 

  5. Once these changes are applied, clear the existing sessions so that traffic is re-evaluated against the new configuration. Note that clearing the sessions for 'all' sources might affect production traffic. See:
    Technical Tip: Using filters to clear sessions on a FortiGate unit
  6. As shown below, the session now uses the NATed IP from the pool:


[Screenshot: session-stat.jpg]
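
The steps above as a CLI sketch. This is an added example, not the configuration from the article's screenshots. The pool name, the address 203.0.113.10, the interface names "wan1" and "lan", SD-WAN member 1 (assumed to be WAN1), the policy ID and the client 10.0.1.10 are all constructed placeholders.

```fortios
# Constructed values throughout; adjust names, IDs and addresses to the unit.
# Steps 1-2: IP pool bound to the WAN1 interface
config firewall ippool
    edit "WAN1-Pool"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
        set associated-interface "wan1"
    next
end
# Step 3: SD-WAN rule preferring WAN1 (on v6.2: config system virtual-wan-link)
config system sdwan
    config service
        edit 1
            set name "Prefer-WAN1"
            set mode manual
            set src "all"
            set dst "all"
            set priority-members 1
        next
    end
end
# Step 4: firewall policy with dynamic outbound NAT taken from the pool
config firewall policy
    edit 10
        set name "LAN-to-SDWAN"
        set srcintf "lan"
        set dstintf "virtual-wan-link"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "WAN1-Pool"
    next
end
# Step 5: clear sessions for one source only, to limit production impact
diagnose sys session filter clear
diagnose sys session filter src 10.0.1.10
diagnose sys session clear
# Step 6: after new traffic, the session entry shows the translated source
diagnose sys session list
```

Setting the session filter before `diagnose sys session clear` limits the reset to the filtered source. With no filter set, the command clears every session on the unit.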
