Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alexm3
New Contributor

NAT from one computer to another

Good afternoon! 

 

I am a networking rookie currently working with a Fortigate 80F, and am trying to understand how NAT works. I have two computers connected to the router with static IP addresses of 192.168.1.1 (PC1) and 192.168.1.101 (PC2). I am looking to set something basic up in which I can ping a virtual IP address (let's say 192.168.50.1) on PC1, and this will translate to PC2's IP address and get a reply back from PC2. I set up a Virtual IP to do this on PC1, and still have all interfaces on the hardware switch. I didn't get any response from the ping. I also added an IPv4 policy to allow traffic from the internal switch through that pings the VIP, but this also didn't work. Am I missing something here? I'm confused as to why this isn't working. I would really appreciate any insights anyone can provide!

1 Solution
Toshi_Esumi
Esteemed Contributor II

You should try two PCs on two different interfaces. I don't know if an 80F has hard-switch like "internal" to combine all LAN ports. But if so, you should break them into individual ports like internal1 and internal2. Then assign different subnets to each interface and connect a PC to one port.

So that it's easy to understand what is external interface what is internal in terms of VIP, which is described at cookbooks and other documents.

View solution in original post

11 REPLIES 11
alexm3

Thanks for your response! Which subnet mask would need to be expanded in this case? The subnet of the internal3 and internal4 ports, or the subnet mask of the PCs themselves? Sorry for such novice questions, I am very new to networking. I really appreciate your help!

 

rwpatterson
Valued Contributor III

If your subnet is 255.255.255.0 (24 bit), then the first three octets of all devices in the subnet have to match.

 

192.168.1.x, 192.168.2.x, etc. 

 

(192.168.2.0/24 and 192.168.3.0/24 respectively)

A device on internal3 would need to have 192.168.2.x, and internal4 would need to have 192.168.4.x. Default gateways would be the Fortigate IP address for each interface.

 

Please look into a rudimentary online networking tutorial. It will help you loads going forward if you plan on pursuing this as a career.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com