Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
felix34
New Contributor

NAT switch in IPV4 policy

Hello,

 

I don't understand  when to set or unset the NAT button.

 

I have two servers on my LAN that are reachable on the same WAN with port mapping from WAN adress IP: port_to_translate to  LAN IP: port_translated.

On the first server I have a SSH server without the NAT button set on the Policy  and it works.

I can access the server from WAN.

On the second server I have a web server ( node.js) but I have to  have the NAT switch set on.

If the switch is off , I can't access the server web.

 

In which case in port translate I need to turn the switch on or off in the policy?

Thank you.

 

Félix 34

 

 

      

 

 

 

1 Solution
Toshi_Esumi
Esteemed Contributor II

That means the second server's default route is not coming through the FGT's interface. VIP=DNAT. So regularly don't need NAT(SNAT) enabled, which by default SNATs the source IP to the interface IP, as long as the returning packets from the destination come back to the same interface at the FGT.

View solution in original post

2 REPLIES 2
Toshi_Esumi
Esteemed Contributor II

That means the second server's default route is not coming through the FGT's interface. VIP=DNAT. So regularly don't need NAT(SNAT) enabled, which by default SNATs the source IP to the interface IP, as long as the returning packets from the destination come back to the same interface at the FGT.

felix34

Thanks Toshi.