Hey
I have almost 200 users behind this configuration on a CISCO ASA with DYNAMIC NAT.
We have a new FORTIGATE 200 to replace CISCO ASA.
How can i configure on the FORTIGATE this DYNAMIC NAT ?
EXAMPLE:
interface GigabitEthernet0/0
description Interface OUTSIDE
no nameif
security-level 0
no ip address
!
interface GigabitEthernet0/0.20
description Interface OUTSIDE
vlan 88
nameif outside
security-level 0
ip address 1.1.1.198 255.255.255.252
nat (inside,outside) source dynamic any og_global_outside-1 destination static obj-13.3.84.94 obj-13.3.84.94
nat (inside,outside) source dynamic any og_global_outside-1 destination static obj-13.8.35.5 obj-13.8.35.5
nat (inside,outside) source dynamic any og_global_outside-1 destination static obj-93.64.0.6 obj-93.64.0.6
nat (inside,outside) source dynamic any og_global_outside-1 destination static obj-95.45.46.69 obj-95.45.46.69
nat (inside,outside) source dynamic obj-172.18.0.0 interface
nat (inside,outside) source dynamic obj-172.18.9.0 interface
nat (inside,outside) source dynamic obj-172.18.13.0 interface
nat (inside,outside) source dynamic obj-172.18.16.0 interface
nat (inside,outside) source dynamic obj-172.18.19.0 interface
route outside 0.0.0.0 0.0.0.0 1.1.1.197
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dear Imel,
As I understood from the post description, you are looking for an option to perform dynamic NAT which means that the device dynamically picks an address from the global address pool that is not currently assigned. Fortigate device have similar functionality and can be configured using central SNAT. Kindly check below link:
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/421028/central-snat
Regards,
Parteek
To configure dynamic NAT on a FortiGate to replace a Cisco ASA, follow these steps:
Configure the outside interface of the FortiGate with the appropriate IP address.
Create policy-based NAT rules for each line in the Cisco ASA configuration, specifying the source and destination addresses.
Set the NAT type to "Dynamic IP and Port" for source NAT and "Static IP" for destination NAT.
Configure a default route on the FortiGate to forward all traffic to the next hop.
Verify the configuration and test connectivity from the inside network to the outside network.
Refer to the FortiGate documentation for detailed instructions and specific command syntax.
Regards,
Rachel Gomez
Hi Imel,
I believe, you need to create ip pools for each nat ip address.
Later call the same in specific soucre and destination policy.
Please refer to
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-SNAT-with-IP-pool/ta-p/19...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.