Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGuard
- FortiGate Cloud
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiPhish
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortinet and pubblic ip
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortinet and pubblic ip
Good Morning
i' m a question and sorry for my english
I have a firewall fortigate 80c with software versione 5.0.1
I have 5 pc
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
and firewall 192.168.0.250
i have a connection internet with fix ip public ( class of ip public 255.255.255.248)
my question is
is it possible pc 192.168.0.1 navigate in internet with public internet different and pc 192.168.0.2 navigate in internet with different ip public
Thank you very mutchhh
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
and welcome to the forums.
Yes that is possible: to have multiple internal hosts use different public IP addresses when accessing the internet.
This is the way to do it:
When traffic from an internal host passes the Fortigate it has to get a public source address so that it can be routed on the internet. Your ISP knows where to send the reply traffic back to looking at that public IP address.
Exchaning the source address is called source NAT. On a Fortigate you do that in the policy from ' internal' to ' wan1' (or whatever port you use for WAN access). You check the ' Dynamic NAT' checkbox to enable source NAT.
Without any other changes the FGT will now use the public IP of that port as the source address of all outgoing traffic.
If you want to use a different IP address then define this address as an ' IP pool' . It' s located in ' Firewall objects' . You can define an IP pool with just one address if you like. When checking the ' Dynamic NAT' option in the policy you can also specify this IP pool to be used.
Usually an IP pool contains several addresses. Say, you have 8 public addresses in a pool. Then these addresses will be used one after the other until exhausted, and then the FGT starts at the first address over again. This way is efficient but you cannot tell which internal host will use which public address.
That' s where one-address-IP pools come in. Use one IP pool with one public address in one policy matching only one internal source address. For 5 internal hosts you will need 5 policies but you will know for sure which host is using which public address.
Hope this will do for you.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also, please upgrade your firmware to at least 5.0.7. There are significant issues with versions 1,2 and 3. 4 is stable, but is prone to the heartbleed vulnerability, as is 5 and 6. They are up to 5.0.9 now, so you may want to move through the recommended firmware upgrades all the way up to 5.0.9
EDITED to concur with Istvan below, in case someone stops reading here!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From the 5.0.9 Release Notes;
" FortiOS v5.0 Patch Release 9 officially supports upgrading from FortiOS v5.0 Patch Release 6 or later."
FortiOS 5.0.9 Release Notes
http://docs.fortinet.com/d/fortigate-fortios-5.0.9-release-notes
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can apply certain natting to your policies to make certain internal addresses show as certain outside addresses (as long as you have those addresses overloaded to the wan interface.
Mike Pruett
Mike Pruett
Fortinet GURU | Fortinet Training Videos
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
is it possible pc 192.168.0.1 navigate in internet with public internet different and pc 192.168.0.2 navigate in internet with different ip publicHi, ede_pfau proposed one solution based on single-address pools and multiple policies. There' s another, based on Central NAT Table (which I believe is more object-oriented and hence more configuration efficient). Start by reading this: http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Firewall/cb-firewall-snat3.html As you' ve seen, Central NAT Table lets you define NAT rules not only per IP address but also per port numbers. If you want to ignore the port numbers, just follow the pattern: Nat ID 1 Source Address = IP_Inside_1 Translated Address = IP_Ouside_1 Original Source Port = 1-65535 Translated Port = 1-65535 Nat ID 2 Source Address = IP_Inside_2 Translated Address = IP_Ouside_2 Original Source Port = 1-65535 Translated Port = 1-65535 etc. where obviously IP_Inside_1 = 192.168.0.1 IP_Inside_2 = 192.168.0.2 etc. While configuring a firewall policy, be sure to tick " Enable NAT" and choose " Use Central NAT Table" Good luck! Rafal
FCNSP 4.x running FortiOS 5.0.4 on FG621B A-A HA
FCNSP 4.x running FortiOS 5.0.4 on FG621B A-A HA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very mutch for the support
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
Labels
-
FortiGate
8,012 -
FortiClient
1,606 -
5.2
801 -
FortiManager
677 -
5.4
639 -
FortiAnalyzer
516 -
FortiSwitch
423 -
FortiAP
421 -
6.0
416 -
5.6
362 -
FortiClient EMS
362 -
FortiMail
300 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
187 -
SSL-VPN
174 -
FortiNAC
160 -
IPsec
154 -
6.4
128 -
FortiGuard
124 -
FortiGateCloud
98 -
FortiCloud Products
94 -
FortiSIEM
93 -
SD-WAN
88 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
68 -
4.0MR3
64 -
FortiProxy
53 -
Firewall policy
53 -
FortiEDR
50 -
Fortivoice
49 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
40 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
34 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
27 -
FortiConnect
25 -
Authentication
25 -
FortiWAN
24 -
FortiConverter
24 -
RADIUS
24 -
FortiGate v5.2
23 -
VDOM
23 -
FortiLink
22 -
Virtual IP
20 -
Web profile
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Fortigate Cloud
18 -
Logging
18 -
FortiMonitor
16 -
Traffic shaping
16 -
Application control
16 -
FortiDDoS
15 -
FortiPAM
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Admin
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiGate v4.0 MR3
8 -
FortiManager v4.0
8 -
FortiBridge
8 -
IPS signature
8 -
System settings
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
Traffic shaping policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Security profile
6 -
Port policy
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Web rating
4 -
Fortinet Engage Partner Program
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Application signature
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1 -
Cloud Management Security
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1468 | |
| 1007 | |
| 748 | |
| 443 | |
| 206 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.