I'm in the process of getting familiar with the Fortigate UI, and the nomenclature differences between it and my old firewall are hobbling me a bit. I'm hoping someone can kindly point me in the right direction on how to do what I'm looking to do.
I have five static public IP addresses (let's say 209.x.x.1, 209.x.x.2, 209.x.x.3, etc). I'd like for outgoing traffic coming from subnet 10.1.1.1/24 to have a public IP 209.x.x.1. I'd then like for outgoing traffic coming from subnet 10.2.1.1/24 to use the public IP of 209.x.x.2. And so forth. (This is just a rough example.)
How do I achieve this on Fortigate? Thank you!
Relatively simple. Basic steps are below:
1. Create an IP Pool for each outside IP
2. Create a policy and specify the source with each internal subnet and the rest as you would do for any regular outgoing policy, then in the NAT section, select "Use Dynamic IP Pool" and select one of the IP Pools you created.
Toshi
As Toshi outlined above, five pools, and then five policies (one for each internal network) with a specific NAT pool would do it.
You could also look into Central NAT - that would let you create centralized NAT rules independent of policies (so subnet A would always be NATed to public IP A, and B NATed to B, etc, and you could have a single policy for subnets A-E going out), if you're going to have complex NAT requirements and don't want to handle those via separate firewall policies.
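The pool-per-IP, policy-per-subnet setup described in the replies above, written out as FortiOS CLI for the first two subnets. This is an added example, not part of the original posts. The object names, the interface names `port1`, `port2` and `wan1`, and the documentation addresses 203.0.113.1 and 203.0.113.2 (standing in for 209.x.x.1 and 209.x.x.2) are assumptions.

```fortios
# Constructed example: names, interfaces and 203.0.113.x addresses are placeholders.
# Address objects for the internal subnets from the question.
config firewall address
    edit "lan-10.1.1.0"
        set subnet 10.1.1.0 255.255.255.0
    next
    edit "lan-10.2.1.0"
        set subnet 10.2.1.0 255.255.255.0
    next
end

# One overload pool per public IP (start and end are the same address).
config firewall ippool
    edit "pool-pub-1"
        set type overload
        set startip 203.0.113.1
        set endip 203.0.113.1
    next
    edit "pool-pub-2"
        set type overload
        set startip 203.0.113.2
        set endip 203.0.113.2
    next
end

# One outbound policy per subnet, each pinned to its own pool.
config firewall policy
    edit 0
        set name "lan1-out"
        set srcintf "port1"
        set dstintf "wan1"
        set srcaddr "lan-10.1.1.0"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool-pub-1"
    next
end
# Repeat the policy block with srcintf "port2", srcaddr "lan-10.2.1.0"
# and poolname "pool-pub-2" for the second subnet, and so on.
```

With `set ippool enable` the policy source-NATs to the named pool instead of the outgoing interface address, so each subnet leaves with its own public IP.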