Silver
New Contributor

SNAT to range of public IPs

Hello guys,

I have a case where I need to perform source NAT from a single IP address to a pool of public IP addresses. What I did was create an IP pool with a fixed range and select it in the policy; unfortunately, it is not working as expected. If I add, let's say, 6 public IPs to the pool, the SNAT IP chosen is always the first IP defined in the pool, but I would like to use all the public IPs randomly.

How can we achieve this? Also, as per the link below, see what Fortinet mentioned:

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-firewall-52/Firewall%20Objects/IP%20P...

Thanks

4 REPLIES
Silver
New Contributor

Any help, please?

anelis
New Contributor

You can try the fixed port allocation or port block allocation in order to achieve what you'd expect.

To my understanding, on overload it won't use the other IPs if it is not necessary, for example when there are not enough sessions.

Silver
New Contributor

I tried the same before I posted here, still no luck.

anelis
New Contributor

I don't know of any round-robin-like NAT pool method. It makes sense that the FortiGate won't use another IP of the pool unless there is a source port conflict or unless there are a lot of connections.

Why do you want to "use" the IPs in a uniformly distributed way? Is there a real purpose? If yes and NAT isn't doing what you expect, you could:

- split your network and your IP pools into different rules so that, for example, IPs from 1-50 use pool1, 50-100 use pool2, and so on...

- somehow use the wan link load balancing feature. I don't know if it's feasible on one interface alone, I suppose it isn't. In order to avoid this, you could split the public IP range on your router and have those ranges end up as different interfaces on your firewall. Then you'll be able to use the wan load balancing feature.
