Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Port block allocation || Fortigate NAT concept ||

Hi there,


I am little bit confused while reading fortigate port block allocation concept, can anyone make me understand below points which I could not understand as clear as I wanted.

1. What is the use of port block allocation and in which scenario we implement it (NAT concept).

2. Block size. (what is the meaning of it)

3. Blocks per user. (what is the meaning of it)




However I have gone through theory of Fortigate but could not understand as clear as I wanted.

Thank you in advanced.



Fortigate Firewall learner.





Hello Umesh,


Port block allocation is also a type of port address translation (PAT). It gives you more control on how many ports to be allocated to each lan IP from which the traffic is received on the firewall and

firewall should be NATing. 


As explained in the article:


Ideally the number of ports available on an external IP is 60416, now in your case let's say you have defined Block Size as 128, means each block will be having 128 ports, and you have defined, Blocks Per User(which means blocks per internal user IP) as 8.

Above calculates to, each block has 128 ports and each user lan IP will be allocated 8 blocks, in total each user lan IP will be allocated 1024 ports with external IP while NATing, not anything beyond.


Now the question will be how many users can use one external IP with above configuration, so it will be 59 IPs. This is calculated as below:


Total available ports 60416, and each lan IP we are allocating 1024, so 60416/1024 = 59(user IPs).

With normal overload, preserved source port disabled, it's random.

It will depend on the FGT algorithm, if the session will use the same source port or change it.
We will never know.
Unless you use PBA wherein you define the port range that will be used by the source IP address.


Hope this helps.


Hi mhemambika,


Thank you for writing.


let me know in which cases do we use port block allocation can make me understand with scenario.


Lets suppose we have 100 user who wants to go outside world/communicate.


then how we will use port block allocation.



Thank you.

Top Kudoed Authors