Help with 1-1 Static NAT

junglecom · ‎04-01-2013

Hi All, I want create a one to one static NAT for 2 servers through a fortigate-VM firewall. Server 1 VIP: (192.168.2.2) -> Server 1 Private IP: (10.0.3.2) Server 2 VIP: (192.168.2.3) -> Server 2 Private IP: (10.0.3.3) I cant seem to figure this out without checking the NAT option in a incoming traffic policy. Tried to follow the Fortigate documentation, but to put it nicely, it is less comprehensible for sure. Thank you!

junglecom · ‎04-09-2013

Sorry for being a nitwit here but figured out the issue. Rule number #1 of IT: Always check the firewall of the server first. My co-worker, unknown to me, had set iptables to only accept traffic from fortigate private ip address. This is why i could access with incoming NAT turned on and not with it OFF. Cause the source IP would change to the original public IP of the source traffic. Thank you all for your help with this.

emnoc · ‎04-10-2013

good, see how easy that was

PCNSE

NSE

StrongSwan

rwpatterson · ‎04-10-2013

ORIGINAL: emnoc good, see how easy that was

Easy to say once the problem came to light.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com