I have a case where I need to perform source NAT from a single IP address to a pool of public IP addresses. I created an IP pool with a fixed range and selected it in the policy; unfortunately, it is not working as expected. If I add, let's say, 6 public IPs to the pool, the SNAT IP is always the first IP defined in the pool, but I would like to use all the public IPs randomly.
How can we achieve this? Also, see what Fortinet mentions at the link below.
I don't know of any round-robin like NAT pool method. It makes sense that the FortiGate won't use another IP of the pool unless there is a source port conflict or unless there are a lot of connections.
Why do you want to "use" the IPs in a uniformly distributed way? Is there a real purpose? If yes and NAT isn't doing what you expect, you could:
- split your network and your IP pools in different rules so that, for example, IPs from 1-50 use the pool1, 50-100 use the pool2 and so on...
- somehow use the wan link load balancing feature. I don't know if it's feasible on one interface alone, I suppose it isn't. In order to avoid this, you could split the public IP range on your router and have those ranges end up as different interfaces on your firewall. Then you'll be able to use the wan load balancing feature.