Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate500D - NAT/Port troubles

Hello! I'm trying to configure a game server behind my Fortigate500d on version 6.4. The server is running web/smtp/imap and traffic is flowing correctly for those ports. However I'm seeing a weird pattern on my game port.


The traffic correctly hits the server via VIP and IPv4 policy that allows the traffic in. However, when sending the packets back out it is attempting to hit the PRIVATE IP of the source computer out on the internet. IE - it receives the traffic on port 26900 from a client trying to connect and forwards it to my game server. The server sends a reply but the Fortigate is then trying to hit the client computer via instead of it's external IP address. Obviously, as this point the packet fails to reach its destination because it can't find the private IP address on the WAN. 


I'm not sure if this is a server problem or a NAT translation problem on the firewall.


VIP Settings:

Name: Webserver

Interface: WAN

Type: Static NAT

External IP:

Internal IP:

optional filters: off

port forwarding: off


Inbound IPV4 Policy WAN > LAN

Name: INTO Webserver

Incoming Interface: WAN

Outgoing Interface: LAN

Source: All

Destination: Webserver (VIP)

Schedule: Always

Service: TCP/UDP-26900-26903

Action: Accept

Inspection Mode: Flow-Based

NAT: off


Outbound IPV4 Policy LAN > WAN

Name: OUTBOUND Webserver

Incoming Interface: LAN

Outgoing Interface: WAN

Source: Webserver (address object)

Destination: all

Schedule: always

Service: ALL

Action: Accept

NAT: on

IP Pool Configuration: Use outgoing interface address

preserve source port: off



Am I missing something that would cause it to try and reply to a private IP address instead of the client's external/NAT IP address over WAN?


Thanks for any insight you can give. Stay safe out there in these crazy times!




Top Kudoed Authors