Hi guys,
My network infrastructure is like this:
1. SiteA has an internet line (111.111.111.0/24) and a private line (subnet 192.168.1.0/24) connecting to SiteB (subnet 10.10.10.0/24)
2. When an internet user accesses one of my dedicated IPs (111.111.111.10/24, which is NATed to an IP of SiteB (IP transit?), like 10.10.10.5/24)
Any idea how to configure the FortiGate 400E in SiteA?
Many thanks
The incoming direction is easy. Just configure a VIP to map 111.111.111.10 -> 10.10.10.5. I assume the route to get to the destination is already there at the 400E. But the returning direction is tricky unless all internet traffic from SiteB comes through SiteA. Because if the access sources outside are random, SiteB's router needs to have a default route coming back to SiteA. Otherwise, it would go out via SiteB's internet, which uses a different outside/public IP for its source address.
If the access sources are limited and their IPs are static, you can set static routes at the SiteB router toward SiteA.
Thanks for your quick reply.
You are right, the route table has been configured.
The configuration is being used in Juniper SRX (Source NAT + Destination NAT).
But does FortiGate (Source NAT (IP pool) + Destination NAT (VIP)) also work?
Many thanks
It is so-called Double-NAT. Thanks a lot, solved.