Hi Team,
We would like to seek for your advice, on below.
The requirement is to NAT a single source IP to a dynamic IP pool for accessing a single host for each session. Is this feasible with FortiGate? If so, please provide the configuration steps.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @MVSantoshReddy
Check this article
regards,
Sheikh
Hello @Sheikh ,
Thank you for the response. The article provides an in-depth explanation of the formula, but I don't believe it addresses my requirement for a single source to multiple externals per session. Could you help me review and confirm if this is feasible with FortiGate?
hi @MVSantoshReddy
Can you please provide details of your issue? It will help us to answer better.
The requirement is to NAT a single source IP to a dynamic IP pool, meaning that each time the actual source enters the firewall, it should leave with an external IP from the configured pool. Instead of using just one IP, it should allocate the next available IP for each new session created on the firewall, ensuring each session ID is unique. Is this achievable with Fortigate? If so, could you provide the configuration steps?
Source IP: 10.0.0.1/32
NATted IP Pool: 172.16.0.0/24
Destination IP: 10.0.1.123/32
I tested in LAB and seems like this is not feasible. I am looking for some other option. I will keep you posted.
hm since snat is done by policy couldn't you create a policy to that destination ip that only matches that one source ip and has a NAT IP Pool in it? Once you make sure no other policy matches that source and destination before it that might do the trick?
Well reading again I am not sure wether that matches the second part. I think snat takes the first IP from pool and once that is already in use will take the next.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.