FortiGate | inquiry on S-NAT IP Pool.
Hi Team,
We would like to seek your advice on the below.
The requirement is to NAT a single source IP to a dynamic IP pool for accessing a single host for each session. Is this feasible with FortiGate? If so, please provide the configuration steps.
Labels: FortiGate

Hello @MVSantoshReddy
Check this article
regards,
Sheikh
Hello @Sheikh ,
Thank you for the response. The article provides an in-depth explanation of the formula, but I don't believe it addresses my requirement for a single source to multiple externals per session. Could you help me review and confirm if this is feasible with FortiGate?
Hi @MVSantoshReddy
Can you please provide details of your issue? It will help us answer better.
The requirement is to NAT a single source IP to a dynamic IP pool, meaning that each time the actual source enters the firewall, it should leave with an external IP from the configured pool. Instead of using just one IP, it should allocate the next available IP for each new session created on the firewall, ensuring each session ID is unique. Is this achievable with FortiGate? If so, could you provide the configuration steps?
Source IP: 10.0.0.1/32
NATted IP Pool: 172.16.0.0/24
Destination IP: 10.0.1.123/32
I tested in the lab and it seems like this is not feasible. I am looking for some other option. I will keep you posted.
Hm, since SNAT is done by policy, couldn't you create a policy to that destination IP that only matches that one source IP and has a NAT IP pool in it? Once you make sure no other policy matches that source and destination before it, that might do the trick?
Well, reading again, I am not sure whether that matches the second part. I think SNAT takes the first IP from the pool and once that is already in use will take the next.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
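The policy-based setup suggested in the reply above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. It uses the addresses given in the question (source 10.0.0.1/32, pool 172.16.0.0/24, destination 10.0.1.123/32); the interface names port1/port2, the object names and the policy name are assumptions, and the pool is defined as 172.16.0.1-172.16.0.254 so that the network and broadcast addresses of the /24 are not handed out. The thread does not settle how FortiOS chooses a pool address for each new session from a single source, so this block only shows the configuration the reply describes, not a guarantee of per-session rotation.

```fortios
# Address objects for the single source host and the single destination host.
# Object names are assumed; the addresses come from the question.
config firewall address
    edit "host_10.0.0.1"
        set subnet 10.0.0.1 255.255.255.255
    next
    edit "dst_10.0.1.123"
        set subnet 10.0.1.123 255.255.255.255
    next
end

# Overload (many-to-many with PAT) IP pool covering the usable part of 172.16.0.0/24.
config firewall ippool
    edit "snat_pool_172.16.0.0"
        set type overload
        set startip 172.16.0.1
        set endip 172.16.0.254
    next
end

# Policy scoped to exactly this source and destination with the pool attached.
# srcintf/dstintf are assumptions for the example topology.
# Keep srcaddr/dstaddr as narrow as this so no other host is SNATed through the pool.
config firewall policy
    edit 0
        set name "snat_single_host_pool"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "host_10.0.0.1"
        set dstaddr "dst_10.0.1.123"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "snat_pool_172.16.0.0"
        set logtraffic all
    next
end
```

Policy order matters, as the reply notes: if a broader policy that also matches 10.0.0.1 to 10.0.1.123 sits above this one, that policy wins and its NAT setting applies, so use `move <this-policy-id> before <other-policy-id>` under `config firewall policy` to place it first. To check which pool address each session actually received, filter the session table on the source and list it: `diagnose sys session filter src 10.0.0.1`, `diagnose sys session list`, then `diagnose sys session filter clear`. With `logtraffic all` set, the forward traffic log also records the translated source IP per session, which is the quickest way to confirm or refute the per-session rotation the question asks for.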
