Hello @All,
I have to set up some internal DNAT and SNAT entries and am reading some guides on how to do that.
I have seen that there is a feature called Central SNAT available.
I don't really understand what it is for.
Could someone explain to me what the goal of Central SNAT is, and do I need it?
Many thanks
TBC
As I jokingly say - Central NAT was invented to lure Checkpoint admins to the Fortinet world :)
As a technical feature it does not add much - mainly it separates managing NAT rules from the Security Rulebase into its own NAT Policy (OK, it does add the ability to manipulate the src port, but who uses it anyway :)). But it does become mandatory when working in Policy-based Mode, i.e. when you configure UTM features directly inside each Security Rule, instead of Security Profiles.
Configuring it, anyway, is just as easy as doing it the 'old' way. SNAT means that not only the Destination IP is manipulated, but the Source IP inside the packet as well. I even wrote a post on how to do it once - https://yurisk.info/2021/05/24/perform-snat-and-dnat-on-the-same-traffic-in-fortigate/
HTH
Hello,
Many thanks for this info!
I will then stay with the old form without Central NAT since I do not see much added value in this.
Thank you for your comments
Greetings
TBC