Central NAT behavior - exemption "no NAT" rule
Hello all - new to FortiGate Central NAT and just wanted to run something by the community here.
Looking to exempt NAT for a specific source and destination - while maintaining NAT\PAT to internet-bound destinations for the same source. My questions are: can a "No NAT" rule be created\utilized in Central NAT, and how are the rules parsed\matched? Assume top-down, correct?
Here's an example of what I'm after - 3 interfaces on the firewall. I just want to NOT NAT the FortiVoice IP when the destination is the CCUM server IP. Can I create a rule with those sources and destinations and just turn NAT off - then create a rule below for everything else internet-bound? Thanks in advance all
inside – outside – any – any – NAT\PAT - to internet
hosted – outside – FortiVoice IP – CCUM IPs – no NAT
hosted – outside – any – any – NAT\PAT - to internet
Yep, you certainly can! Just switch off the "NAT" toggle in the NAT policy.
And you're also correct about the matching order, top->down, first valid match wins.
Perfect... Thanks for the quick reply!
