ehsan230564
New Contributor

NAT disabled

Dear sir,

Can I get an explanation, if possible, for a profile policy with NAT DISABLED?

Actually I want to allow traffic through the WAN interface without translating the source address.

That is, allow traffic through from LAN to WAN and keep the source address as original.

Thanks and best regards.

4 REPLIES
Toshi_Esumi
Esteemed Contributor III

Sure you can.

emnoc
Esteemed Contributor III

Double sure you can; just don't enable NAT on the policy that allows the traffic.

e.g.

config firewall policy
    edit 1
        set uuid 6109d3c2-b4e4-51eb-548f-7b34dbca756a
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set nat enable
    next
end

config firewall policy
    edit 1
        set uuid 6109d3c2-b4e4-51eb-548f-7b34dbca756a
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set nat disable
    next
end

Ken Felix

 

PCNSE NSE StrongSwan
ede_pfau
Esteemed Contributor III

Interesting. "Through WAN interface" does not have to mean "to the internet".

Sending traffic to the inet without SNAT onto the public WAN interface address will prevent the return traffic from finding you (no routing of private address space in the inet).


Ede

"Kernel panic: Aiee, killing interrupt handler!"
emnoc
Esteemed Contributor III

We might be making the assumption that their internal LANs are all private-addressed. If they have public or a mix of public and private, then this need is warranted.

Also, they might have an inter-LAN (like a DMZ) that's addressed with public space.

Just my observation.

 

Ken Felix

PCNSE NSE StrongSwan
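
The point debated in the replies above (private source addresses sent out a WAN interface without SNAT get no return traffic, while public-addressed LAN or DMZ space is fine), written as a config check. This is an added example and not part of the thread. The sample config and its object names are constructed, `wan1` is taken from the policy posted above, only address objects defined with `set subnet` are resolved, and a policy without a `set nat` line is assumed to have NAT disabled.

```python
import ipaddress
import re
# Constructed sample config (not from the thread); object names are hypothetical.
SAMPLE = """\
config firewall address
    edit "lan-private"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "dmz-public"
        set subnet 203.0.113.0 255.255.255.0
    next
end
config firewall policy
    edit 1
        set dstintf "wan1"
        set srcaddr "lan-private"
        set nat disable
    next
    edit 2
        set dstintf "wan1"
        set srcaddr "dmz-public"
    next
end
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_section(text, header):
    """Return {edit name: {setting: [values]}} for one 'config <header>' block."""
    body = re.search(rf"^config {re.escape(header)}\n(.*?)^end$", text, re.S | re.M)
    entries, cur = {}, None
    for line in (body.group(1) if body else "").splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["edit"]:
            cur = entries.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and cur is not None:
            cur[tok[1]] = tok[2:]
    return entries

def unroutable_no_nat(text, wan_ifaces=("wan1",)):
    """Policy IDs that send RFC 1918 sources out a WAN interface without SNAT."""
    addrs, flagged = parse_section(text, "firewall address"), []
    for pid, p in parse_section(text, "firewall policy").items():
        if p.get("nat") == ["enable"] or not set(p.get("dstintf", [])) & set(wan_ifaces):
            continue  # assumption: a missing 'set nat' line means NAT is disabled
        nets = [ipaddress.ip_network("/".join(addrs[n]["subnet"]), strict=False)
                for n in p.get("srcaddr", []) if "subnet" in addrs.get(n, {})]
        if any(n.overlaps(r) for n in nets for r in RFC1918):
            flagged.append(pid)
    return flagged
```

On the sample, only policy 1 is reported: policy 2 also has no NAT, but its source space is not RFC 1918.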