Silver
New Contributor

NAT Internal Traffic

Dear All,

Can someone tell me why, for internal traffic, we need to enable NAT in the policies?

For example:

I have the following networks: 192.168.1.0/24 on VLAN x and 10.64.28.0/24 on VLAN y. Both VLANs use the firewall as their gateway, and a sub-interface is configured with a trunk to allow both VLANs. The problem is that if I do not enable NAT on the policies, the two subnets cannot communicate.

Thanks

gschmitt
Valued Contributor

Is the FortiGate the default gateway for both VLANs? You said "firewall" but do you mean the FortiGate?

Silver
New Contributor

Hi,

Thank you for your reply. Yes, the Fortinet is used as the gateway for both VLANs.

Silver
New Contributor

Hi All,

Can anyone suggest what the problem could be?

Thanks 

Allwyn_Mascarenhas
Contributor

I do not get this part:

"sub interface configured with trunk to allow both vlan's."

There should be two VLAN sub-interfaces acting as the gateway for the two VLANs, and those two should behave like normal interfaces. Where does the trunk come in?

vjoshi_FTNT
Staff

Hello,

Does it happen with the complete subnet, or are only specific hosts being tested?

- This looks to be more of an AV/firewall on the end user, or it can be another L3 device which allows traffic only from the subnet it is connected to.

Worth checking that part.

vjoshi_FTNT
Staff

Also, run debug flow or a simple sniffer command to see whether the traffic exits the FortiGate on the egress VLAN or not.

Silver

Hi Vjoshi,

Thank you for your reply. This happens only with a specific host, not the whole subnet, but the client did not enable the firewall or AV.

Thanks

Silver
New Contributor

I see only ARP requests when I ran the packet sniffer.

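The commands vjoshi_FTNT points at (the sniffer, e.g. `diagnose sniffer packet any 'host 10.64.28.10' 4`, and debug flow, e.g. `diagnose debug flow filter addr 10.64.28.10`, `diagnose debug flow trace start 10`, `diagnose debug enable`) print one line per packet, and the "only ARP requests" result in the last post is the kind of capture that has to be read against the egress VLAN: who is ARPing for whom, and whether anything ever comes back. The script below is an added example for this thread, not code from the posts and not a Fortinet tool. It parses constructed sniffer lines in the tcpdump-like format the FortiGate sniffer prints and classifies a single source-to-destination flow. Everything it assumes is absent from the thread: the egress interface is named vlan_y, the FortiGate's address on it is 10.64.28.1, the test hosts are 192.168.1.20 (VLAN x) and 10.64.28.10 (VLAN y), and the three sample captures are hand-constructed. Capture with NAT disabled on the policy: with source NAT on, the destination host only ever sees the FortiGate's own vlan_y address, so a host whose netmask or gateway is wrong answers fine with NAT and goes silent without it, which is exactly the symptom that makes NAT look required.

```python
"""Triage FortiGate sniffer output for a routed VLAN-to-VLAN flow.

Added example for this thread: not code from the posts and not a Fortinet tool.
Assumed, not stated in the thread: egress interface "vlan_y", FortiGate address
10.64.28.1 on it, hosts 192.168.1.20 (VLAN x) and 10.64.28.10 (VLAN y). The
capture lines are constructed in the tcpdump-like format printed by
`diagnose sniffer packet any 'host 10.64.28.10' 4`.
"""
import re

# Constructed capture: the FortiGate ARPs for the target and never gets an
# answer, the "only ARP requests" picture from the last post.
SAMPLE_NO_REPLY = """\
interfaces=[any]
filters=[host 10.64.28.10]
1.001234 vlan_x in 192.168.1.20 -> 10.64.28.10: icmp: echo request
1.001300 vlan_y out arp who-has 10.64.28.10 tell 10.64.28.1
2.001350 vlan_y out arp who-has 10.64.28.10 tell 10.64.28.1
3.001400 vlan_y out arp who-has 10.64.28.10 tell 10.64.28.1
"""

# Constructed capture: the target answers ARP and receives the packet, then
# ARPs for the 192.168.1.20 source itself instead of replying via its gateway,
# i.e. its netmask or routing table treats 192.168.1.0/24 as on-link.
SAMPLE_HOST_ARPS_FOR_SOURCE = """\
1.001234 vlan_x in 192.168.1.20 -> 10.64.28.10: icmp: echo request
1.001300 vlan_y out arp who-has 10.64.28.10 tell 10.64.28.1
1.001350 vlan_y in arp reply 10.64.28.10 is-at 00:11:22:33:44:55
1.001400 vlan_y out 192.168.1.20 -> 10.64.28.10: icmp: echo request
1.001500 vlan_y in arp who-has 192.168.1.20 tell 10.64.28.10
2.001500 vlan_y in arp who-has 192.168.1.20 tell 10.64.28.10
"""

# Constructed capture: healthy routed TCP exchange, reply returns on the egress VLAN.
SAMPLE_OK = """\
1.001234 vlan_x in 192.168.1.20.51000 -> 10.64.28.10.445: syn 1234567
1.001400 vlan_y out 192.168.1.20.51000 -> 10.64.28.10.445: syn 1234567
1.001900 vlan_y in 10.64.28.10.445 -> 192.168.1.20.51000: syn 7654321 ack 1234568
1.002000 vlan_x out 10.64.28.10.445 -> 192.168.1.20.51000: syn 7654321 ack 1234568
"""

HDR = r"^(?P<ts>\d+\.\d+) (?P<ifc>\S+) (?P<dir>in|out) "
IP_LINE = re.compile(HDR + r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):")
ARP_REQ = re.compile(HDR + r"arp who-has (?P<target>[\d.]+) tell (?P<sender>[\d.]+)")
ARP_REPLY = re.compile(HDR + r"arp reply (?P<ip>[\d.]+) is-at")


def _ip(endpoint):
    """The sniffer prints TCP/UDP endpoints as a.b.c.d.port; keep only the address."""
    return ".".join(endpoint.split(".")[:4])


def diagnose(capture, egress_ifc, gw_ip, src, dst):
    """Classify one src->dst flow from sniffer lines. Returns (code, explanation)."""
    fwd_out = reply_in = gw_arp_req = gw_arp_reply = host_arps_for_src = False
    for line in capture.splitlines():
        m = IP_LINE.match(line)
        if m:
            on_egress = m["ifc"] == egress_ifc
            s, d = _ip(m["src"]), _ip(m["dst"])
            if on_egress and m["dir"] == "out" and (s, d) == (src, dst):
                fwd_out = True  # the FortiGate did route the packet out
            elif on_egress and m["dir"] == "in" and (s, d) == (dst, src):
                reply_in = True  # the host's answer came back through the gateway
            continue
        m = ARP_REQ.match(line)
        if m and m["ifc"] == egress_ifc:
            if m["dir"] == "out" and m["target"] == dst and m["sender"] == gw_ip:
                gw_arp_req = True  # FortiGate resolving the destination MAC
            elif m["dir"] == "in" and m["target"] == src and m["sender"] == dst:
                host_arps_for_src = True  # host tries to reach the remote subnet directly
            continue
        m = ARP_REPLY.match(line)
        if m and m["ifc"] == egress_ifc and m["dir"] == "in" and m["ip"] == dst:
            gw_arp_reply = True

    if reply_in:
        return "ok", "reply seen on %s; routing works without NAT" % egress_ifc
    if host_arps_for_src:
        return ("host-arps-for-source",
                "%s ARPs for %s instead of using its gateway: wrong netmask, second NIC "
                "or static route on the host; source NAT would hide this" % (dst, src))
    if gw_arp_req and not gw_arp_reply:
        return "no-arp-reply", "%s never answers ARP on %s: host down, wrong VLAN or L2 problem" % (dst, egress_ifc)
    if fwd_out:
        return "no-return-traffic", "packet left on %s but nothing came back: host firewall or host routing" % egress_ifc
    return "not-forwarded", "packet never left on %s: check the policy and route with debug flow" % egress_ifc


if __name__ == "__main__":
    for name, cap in [("no reply", SAMPLE_NO_REPLY),
                      ("host ARPs for source", SAMPLE_HOST_ARPS_FOR_SOURCE),
                      ("ok", SAMPLE_OK)]:
        code, why = diagnose(cap, "vlan_y", "10.64.28.1", "192.168.1.20", "10.64.28.10")
        print("%-22s %-22s %s" % (name, code, why))
```

Paste a real sniffer run in place of one of the samples and call `diagnose()` with the actual interface name, gateway address and the two hosts under test. A `host-arps-for-source` verdict means the host on the egress VLAN, not the FortiGate policy, is where to look; `not-forwarded` is the case where debug flow is the next step, since it will name the policy or route that dropped the packet.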