Original Source | Original Destination | Translated Address | Translated Destination |
10.12.10.100 | 10.10.10.12 | 10.91.18.100 | 10.110.37.11 |
10.12.10.100 | 10.10.10.10 | 10.91.18.99 | 10.110.37.11 |
Hi @ck8882,
If you are using central NAT, it should work as SNAT and DNAT are handled separately.
Regards,
HI @hbac
Thanks for your comment. So i also could conclude it FGT is not support design above as the traffic only will work either one or the other, which is not able to match the checkpoint NAT config and migrate over to FGT.
Thanks
It is supported. I tested in my lab and it worked. What I'm saying is SNAT and DNAT are configured separately unlike Checkpoint which you can configure in the same rule. NAT with different IP pool IP address from the same source and different destination should work on FortiGate.
Regards,
HI @hbac ,
I was tested it with above design and condition, however, it's not work as expected. Would you mind share the configuration since your testing is working.
In my testing, as the 2 list Original Source and Translated Destination value is same, the traffic will be only work on top SNAT (10.91.18.100) flow after either one DNAT table process. The 2nd list of SNAT (10.91.18.99) will not been even hit.
Is there any configuration or comment from FGT could manual force translate source “10.91.18.99” would be apply to process if the traffic from 2nd list?
Thanks
Below is my setup.
Original Source | Original Destination | Translated Address | Translated Destination |
192.168.3.2 | 192.168.3.100 | 192.168.10.100 |
192.168.10.2
|
192.168.3.2 | 192.168.3.200 | 192.168.10.200 |
192.168.10.3
|
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.