Hi, I have a central NAT problem when pointing to the same destination with different IP pools.
In my case, different sources are configured with the same destination and different IP pools. However, the result does not look good.
For example, I tried using 2 machines for the test, each assigned to use a different IP pool for SNAT. But only 1 workstation is able to reach the destination with the IP pool; the other one is unable to reach it at all.
I tried swapping the sequence of the rules, also no luck.
Does anyone have an idea? Would it be because an SNAT session can only be occupied by 1 workstation? That doesn't sound like it makes sense.
Why not use Policy NAT?
It's a migration from Check Point to FGT. That's why it's best to use central NAT. There are 200 NAT rules and 200 policies. If using policy NAT, it will double up the policies, it is not easy to migrate, and it takes time.
That's why I would like to figure out whether FGT central NAT supports this scenario, or whether it's a bug, or whether some config is missing for the above.
Created on 04-19-2023 04:45 AM Edited on 04-19-2023 04:46 AM
Boo, firewall migration though is not really a best practice, and neither is central NAT. Also, using policy-based NAT would be half the amount of configuration, not double, since you aren't making separate NAT rules for traffic. The NAT statements are contained within your existing firewall policies.
This is the exact use case for why I never recommend using firewall migration tools. Old items from old firewalls are brought forward to a shiny new firewall: unused rules, etc.
Can you show the rules you have?
Hi guys,
I found the solution and fixed it. Thanks.