Fortinet Forum
theArties
New Contributor III

Routing Traffic via Secondary IP Address (1:1 NAT)?

Hi All,

 

I have a Forti 60D sitting behind a router.

The box is configured with LAN IP (e.g. 192.168.1.1/24) and secondary IP address (e.g. 10.18.18.2/28). 

The router is at 10.18.18.1.

 

Currently in traceroute, the router is seeing 192.168.1.1 traffic as the source. 

How do I make the traffic come out from the IP 10.18.18.2 as the source? Is it possible on this box?

Edit: Something came to mind: if the above is possible, would the change affect traffic coming from the 192.168.1.0/24 subnet? The current IPv4 policy is NO NAT.

sw2090
Honored Contributor

I have this constellation:

There are several routers connected to my FortiGate for Internet access. Each is connected to one port, and that port and the router share a subnet. All interfaces that are connected to routers for Internet are members of SD-WAN for load balancing.

The Policy for internet then is:

- incoming interface/address = where the traffic comes from

- outgoing interface = sdwan

- outgoing address = ANY

and then:

NAT enabled using the destination interface ip.

 

Since SD-WAN takes care of the routing, the packets will get NATed with the IP of the interface they have to go out to the Internet on. Works fine so far.

Instead of SD-WAN you could of course use a single WAN too...


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Adam_Cloud
New Contributor

Hi,

You can specify the IP address you want to run the traceroutes from by running:

execute traceroute-options source 10.18.18.2

 

Hope that helped.