IP transit ( how-to ) ?

Hi, Guys,

My network infrastructure like this:

1. SiteA has internet line ( and a private line (subnet connecting to SiteB ( subnet

2. When internet user accesses one of my dedicated IP (, which is NATed to an IP of Site B ( IP transit ? ), like


Any idea to configure the Fortigate 400E in SiteA ?


Many thanks


Incoming direction is easy. Just configure VIP to map> I assume the route to get to the destination is already there at the 400E. But the returning direction is tricky unless all internet traffic from SiteB comes through SiteA. Because if the access sources outside are random, SiteB's router needs to have a default route coming back to SiteA. Otherwise, it would go out via SiteB's internet, which uses a different outside/public IP for its source address.

If the access sources are limited and their IPs are static, you can set static routes at the SiteB router toward SiteA.


Thanks for your quick reply.


You are right, the route table has been configured.


The configuration is being used in juniper SRX ( Source NAT + destination NAT );


But in Fortigate (Source NAT (IP pool) + Destination NAT (VIP) ) is also working ?


Many thanks



It is so called Double-NAT, thanks a lot, solved


