I used the following VIP config to perform a PAT (without NAT) on 5.x:
set src-filter "172.17.2.1" "172.18.1.14"
set extip 10.1.2.1
set extintf "any"
set arp-reply disable
set portforward enable
set mappedip "10.1.2.1"
set extport 22
set mappedport 2022
However, on 6.0.10 creating this object fails with:
"Static NAT's extip should be different from mappedip.
object check operator error, -8, discard the setting
Command fail. Return code 1"
I'm surprised that would have ever worked. It sounds like a bug, because port-forwarding is redundant without NAT being involved. Just tell whoever is connecting on port 22 to connect on port 2022, or change the application so that it listens on port 22. Either way, port translation in this scenario seems like a hack around the real issue.
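A pre-upgrade check for the situation in this thread, as an added example that is not from either poster or from Fortinet: it parses the "config firewall vip" table of a saved configuration and lists the VIPs whose extip equals mappedip, the case the first post reports 6.0.10 rejecting. The sample configuration and both object names are constructed, and the check assumes the rejection depends only on the two addresses being equal.

```python
import re

# Constructed sample: the question's VIP plus an invented second one; names are made up.
SAMPLE = '''\
config firewall vip
    edit "ssh-pat"
        set src-filter "172.17.2.1" "172.18.1.14"
        set extip 10.1.2.1
        set extintf "any"
        set arp-reply disable
        set portforward enable
        set mappedip "10.1.2.1"
        set extport 22
        set mappedport 2022
    next
    edit "ssh-dnat"
        set extip 10.1.2.1
        set portforward enable
        set mappedip "10.9.9.9"
    next
end
'''

def parse_vips(text):
    """Return {vip_name: {option: [values]}} from "config firewall vip" blocks."""
    vips, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Count nesting only once inside the VIP table, so sub-tables are skipped
            depth = depth + 1 if depth else int(line == "config firewall vip")
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            name = line[5:].strip().strip('"')
            vips[name] = {}
        elif depth == 1 and line == "next":
            name = None
        elif depth == 1 and name and line.startswith("set "):
            parts = re.findall(r'"[^"]*"|\S+', line[4:])
            vips[name][parts[0]] = [p.strip('"') for p in parts[1:]]
    return vips

def same_ip_vips(text):
    """Names of VIPs whose extip equals mappedip (the case 6.0.10 rejected above)."""
    def addrs(opts, key):
        # "a-a" (a one-address range) is treated as the single address a
        return set((opts.get(key) or [""])[0].split("-"))
    return [n for n, o in parse_vips(text).items()
            if addrs(o, "extip") == addrs(o, "mappedip") != {""}]
```

Running same_ip_vips() over a configuration backup before an upgrade shows which VIP objects need to be redesigned first.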