NAT 1:1 LAN to LAN

it-andreagx · ‎09-18-2024

Hello,

I need to setup a rule that does this:
I have a device with this IP 192.168.250.1 (it cannot be changed) connected to LAN

I need to "associate" IP 192.168.250.1 with a local IP 10.0.3.115.

So when the http://10.0.3.115 is opened the really IP 192.168.250.1 have to respond
10.0.3.115 -> 192.168.250.1.

I guess 1:1 NAT and vrtual IP is not right way.
Any hint about this?

dbhavsar · ‎09-18-2024

Hello @it-andreagx ,

- Create a firewall policy with your source-ip and then apply 1:1 NAT to it and place that policy on top.

DNB

it-andreagx · ‎09-18-2024

Do you mean in this way?

forti_creenshot 2024-09-18 142704.png

dbhavsar · ‎09-18-2024

Hi @it-andreagx ,

So basically, your 192.168.250.1 should be NATed to 10.0.3.115 when leaving lan interface, correct? If yes create an IP-Pool and apply it to above policy and source and destination needs to be swapped.

DNB

it-andreagx · ‎09-19-2024

no way :(
even with this setup if I ping the IP 10.0.3.115 the IP 192.168.250.1 do not reply

vbandha · ‎09-21-2024

Hello @it-andreagx

You need to create a VIP with external IP 10.0.3.115 and internal IP 192.168.250.1:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...

You then need to make firewall policy with incoming interface as the interface where you are pinging from. Outgoing interface will be where 192.168.250.1 is located. In this policy add the VIP object in destination and in source you can keep 'all'.

Let me know if that works for you.

Regards,

Varun

NAT 1:1 LAN to LAN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website