Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
eMZe
New Contributor

Central NAT: DNAT depending on service used?

I have to set up a NAT-intensive box, using FMG + ADOM, 5.6.2 (FG 5.6.3)

Firewall is connected to many worlds, and trying to make everything without central NAT turned out to be quite a mess.

However, on Central NAT, I cannot resolve the following situation:


If a private-addressed server goes to the internet on SMTP, it should masquerade its source IP as (e.g.) 1.1.1.1, if going out with HTTP request then it has to be masked as 1.1.1.2, if DNS, then 1.1.1.3.


Without central NAT, one only has to separate SMTP, DNS and HTTP rules giving every NAT field its own pool.


Any ideas? 

Martin

1 Solution
neonbit
Valued Contributor

When you create a NAT rule you can select the protocol/port. Just create three NAT rules with TCP/25, UDP/53 and TCP/80 with each having a different IP Pool.


2 Replies
eMZe
New Contributor

Thank you. Answer is correct.

Just now I have noticed that the question is wrong.

I have to do SOURCE NAT depending on the port used. There is nothing besides the protocol number to select in the FMG dialogue and nothing to select on the CLI.

Is there any workaround?


M
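For readers who want to see neonbit's three-rule scheme written out, this is how it reads on the FortiGate CLI. It is an added illustration, not configuration posted by either participant; it assumes a FortiOS release whose `firewall central-snat-map` entries accept a `dst-port` attribute (the 5.6 build discussed here exposes only the protocol, as eMZe points out), the address object and interface names are made up for the example, and the public addresses are the ones from the question.

```text
# Three overload pools, one public address each (addresses from the question)
config firewall ippool
    edit "pool_smtp"
        set type overload
        set startip 1.1.1.1
        set endip 1.1.1.1
    next
    edit "pool_http"
        set type overload
        set startip 1.1.1.2
        set endip 1.1.1.2
    next
    edit "pool_dns"
        set type overload
        set startip 1.1.1.3
        set endip 1.1.1.3
    next
end

# Evaluated top-down, first match wins, so keep any catch-all entry below these.
# Protocol 6 = TCP, 17 = UDP. "srv_private" and the interface names are assumed.
config firewall central-snat-map
    edit 1
        set srcintf "port1"
        set dstintf "wan1"
        set orig-addr "srv_private"
        set dst-addr "all"
        set protocol 6
        set dst-port 25
        set nat-ippool "pool_smtp"
    next
    edit 2
        set srcintf "port1"
        set dstintf "wan1"
        set orig-addr "srv_private"
        set dst-addr "all"
        set protocol 17
        set dst-port 53
        set nat-ippool "pool_dns"
    next
    edit 3
        set srcintf "port1"
        set dstintf "wan1"
        set orig-addr "srv_private"
        set dst-addr "all"
        set protocol 6
        set dst-port 80
        set nat-ippool "pool_http"
    next
end
```

Central SNAT entries only translate traffic that a regular firewall policy already permits, so the matching policies still have to exist with NAT handled centrally.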
