Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Routing Traffic via Secondary IP Address (1:1 NAT)?

Hi All,


I have a Forti 60D sitting behind a router.

The box is configured with LAN IP (e.g. and secondary IP address (e.g. 

The router is at


Currently in traceroute, the router is seeing traffic as the source. 

How to make the traffic to come out from the IP as the source? is it possible on this box?


edit: Something came to mind, if the above is possible, would the change affect traffics coming from the subnet? current ipv4 policy is NO NAT. 


I have this constellation


there is several Roouters connected to my FortiGate for Internetaccess. Each is connected to one Port and that port and the router share a subnet. All Interfaces that are connected to routers for internet are members of sd-wan for load balancing. 

The Policy for internet then is:

-incoming interface/address = where the traffic comes from

- outgoing interface = sdwan

- outgoing address = ANY

and then:

NAT enabled using the destination interface ip.


Since sdwan cares for the routing the packets will get NATed with the ip of the interface they have to go out to the internet. Works fine so far. 

Instead of sdwan you could of course use a single wan too...


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
New Contributor


You can specify the IP address you want to run the traceroutes from by running:

execute traceroute-options source


Hope that helped.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors