Hi All,
A small query. We have a scenario where we have to do one-to-one NAT for our trusted zone server IPs on a FortiGate firewall.
E.g.: Servers' actual IPs: 10.10.10.100/24, 10.10.10.150/24, 10.10.10.200/24, 10.10.10.250/24
We have taken a pool for NATting, which is: 192.168.100.0/24
Would like to NAT as:
Server-1(10.10.10.100) with 192.168.100.100
Server-2(10.10.10.150) with 192.168.100.150
Server-3(10.10.10.200) with 192.168.100.200
Server-4(10.10.10.250) with 192.168.100.250
Do we need to configure any gateway for the NAT subnet (i.e. 192.168.100.0/24), or can we directly go and NAT one-to-one, or is anything additional needed on the FortiGate?
I know that at the remote end we have to do routing for 192.168.100.0/24 towards the FortiGate end.
Diagram attached for reference.
I sense something isn't right in your description. Why do those servers' access IPs need to be in the same subnet with all clients? That's very unusual. And it might cause some routing issues on the remote end router (even if not right now, then in the future when somebody inherits the management of the network).
With the FGT, you just need to set DNAT (VIP) for those 4 IPs.
"NATting is poor man's routing", one of my beliefs. Not always but often.
In fact, this setup would usually be solved with plain routing. An exact 1:1 NAT in both directions (DNAT and SNAT) is not so simple. There is a KB article about using VIPs for this.
:-)) Yeah, I know... But this is the requirement.
Could you please suggest whether any gateway needs to be configured for the NAT IP pool, or whether we go straight for one-to-one DNAT (VIP)?
Hi anyone,
Can anyone please suggest on the gateway part?