Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Preserve source port || Firewall policy ||

Dear all,

 

I have gone through Fortinet Firewall policy but one thing I could not understand why we use Preserve source port.

 

1. Using outing interface address

2. Use dynamic IP pool.

 

In both case what Preserve source port do.

 

Please also share any article so that I can easily understand what actually Preserve source port does.

 

Thank you in advanced.

Fortigate Firewall learner.

 

 

 

 

4 REPLIES 4
xshkurti
Staff
Staff

@Umesh 
Please find below a good explanation on Preserve source port:
Check Description and Scope sections:
Technical Tip: Using Fixedport or Preserve Source ... - Fortinet Community

Hopefully this helps you understand.

Umesh

Hi xshkurti,

 

What is the benefits of using Preserve source port, means what are pros & cons of it.

 

Thank you.

xshkurti
Staff
Staff

@Umesh 
There is no pro or cons, but application needs.
There are applications that do not accept port change. (which is the default behavior of NAT)
Network address translation - Wikipedia
So you have to set (dont change port during nat process) to allow some applications to function properly.

kaman
Staff
Staff

Hello Umesh,

 

Enable the Preserve Source Port option to keep the same source port for services that expect traffic to come from a specific source port.

 

Disable the Preserve Source Port option to allow more than one connection through the firewall for that service.

 

Reference Link: https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/898655/static-snat#:~:text=Enable%20Pre....

 

Hopefully, this helps you understand.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors