Hello Everybody
Is it possible on an F60E (5.4.9) to delete all NAT translations without deleting any other sessions?
Best regards
Gonzalo
You could do this from the CLI: 1> set a session filter and then 2> clear those sessions based on that filter.
Example:
diagnose sys session filter policy <id# >
diagnose sys session list
diagnose sys session clear
PCNSE
NSE
StrongSwan
Hello
I did what you do and it seems to be fine. But I still have problems with NAT one-to-one. Is it not supposed to transform OneSource IP to its "equal" SecondaryIP keeping the same final octets?
I mean, I was to translate a 172.16.192.0/21 to 172.20.192.0/21 and this is the result:
hook=post dir=org act=snat 172.16.198.45:50236->255.255.255.255:1947(172.20.192.35:50236)
hook=pre dir=reply act=dnat 255.255.255.255:1947->172.20.192.35:50236(172.16.198.45:50236)
Best regards
It depends on how you are NAT'ing
example fix and range
config firewall ippool
    edit poolnat
        set type fixed-port-range
        set startip 10.10.10.10
        set endip 10.10.10.100
        set source-startip 10.10.20.10
        set source-endip 10.10.20.100
        set arp-reply enable
        set arp-intf wan1
    next
end
PCNSE
NSE
StrongSwan
Hello, I'm natting One-to-One
VPN-FGT-??????? # show firewall ippool
config firewall ippool
    edit "SNAT_???_Subnet_???"
        set type one-to-one
        set startip 172.20.192.0
        set endip 172.20.199.255
        set comments "VLAN 192 especifica de la sede"
    next
end
VPN-FGT-??????? # show firewall policy 106
config firewall policy
    edit 106
        set name "Acceso ????"
        set uuid b3de0ba8-a78c-51e8-5580-ad34dde676e0
        set srcintf "_industrial"
        set dstintf "mpls" "vpn"
        set srcaddr "INTERNAL_LAN" (172.16.192.0/21)
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "SNAT_???_Subnet_???"
    next
end
Best regards
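To check the translations discussed in this thread against the "same final octets" expectation, the following added example (not part of any forum post and not Fortinet code) parses act=snat entries from `diagnose sys session list` output and compares each observed NAT address with the offset-preserving one. The function names and the second sample line are constructed for illustration; the first sample line is the one quoted above.

```python
import ipaddress
import re

# NAT part of a session entry, in the form quoted in the thread:
# hook=post dir=org act=snat SRC:PORT->DST:PORT(NATSRC:PORT)
SNAT_RE = re.compile(
    r"act=snat\s+(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)->"
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)"
    r"\((?P<nat>\d+(?:\.\d+){3}):(?P<nport>\d+)\)"
)

def offset_preserving(src, inside, outside):
    """Address `src` would map to if its host offset in the range were kept."""
    inside = ipaddress.ip_network(inside)
    outside = ipaddress.ip_network(outside)
    src = ipaddress.ip_address(src)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("ranges must be the same size")
    if src not in inside:
        return None
    return outside.network_address + (int(src) - int(inside.network_address))

def check_sessions(text, inside, outside):
    """One dict per act=snat entry: observed NAT address vs. expected one."""
    results = []
    for m in SNAT_RE.finditer(text):
        expected = offset_preserving(m["src"], inside, outside)
        if expected is None:
            continue  # source is outside the range being checked
        observed = ipaddress.ip_address(m["nat"])
        results.append({
            "src": m["src"],
            "observed": str(observed),
            "expected": str(expected),
            "in_pool": observed in ipaddress.ip_network(outside),
            "offset_kept": observed == expected,
            "port_kept": m["sport"] == m["nport"],
        })
    return results

# First line is quoted from the thread; the second is constructed for contrast.
SAMPLE = """\
hook=post dir=org act=snat 172.16.198.45:50236->255.255.255.255:1947(172.20.192.35:50236)
hook=post dir=org act=snat 172.16.192.7:40000->10.0.0.1:443(172.20.192.7:40000)
"""

if __name__ == "__main__":
    for row in check_sessions(SAMPLE, "172.16.192.0/21", "172.20.192.0/21"):
        print(row)
```

For the session quoted in the thread, the script reports an address inside the pool with the source port kept, but not the offset-preserving address 172.20.198.45.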