Hello guys,
I have a case where I need to perform source NAT from a single IP address to a pool of public IP addresses. What I did: I created an IP pool with a fixed range and selected it in the policy. Unfortunately, it is not working as expected. If I add, let's say, 6 public IPs to the pool, the SNAT IP is always the first IP defined in the pool, but I would like to use all the public IPs randomly.
How can we achieve this? Also, as per the link below, see what Fortinet mentioned.
Thanks
Any help, please?
You can try the fixed port allocation or port block allocation in order to achieve what you'd expect.
To my understanding, on overload it won't use the other IPs if it is not necessary, such as when there are not enough sessions.
I tried the same before I posted here, still no luck.
I don't know of any round-robin-like NAT pool method. It makes sense that the FortiGate won't use another IP of the pool unless there is a source port conflict or unless there are a lot of connections.
Why do you want to "use" the IPs in a uniformly distributed way? Is there a real purpose? If yes and NAT isn't doing what you expect, you could:
- split your network and your IP pools in different rules so that, for example, IPs from 1-50 use the pool1, 50-100 use the pool2 and so on...
- somehow use the wan link load balancing feature. I don't know if it's feasible on one interface alone, I suppose it isn't. In order to avoid this, you could split the public IP range on your router and have those ranges end up as different interfaces on your firewall. Then you'll be able to use the wan load balancing feature.
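A sketch of the first suggestion above (one policy and one IP pool per slice of the source network), added here as an example and not taken from any poster's configuration. The interface names, object names, and addresses (RFC 5737 documentation ranges for the public side) are assumptions to be replaced with real values.

```text
# Constructed example: names, interfaces and addresses are placeholders.
# Pool type is left at the default (overload).
config firewall ippool
    edit "pool1"
        set startip 203.0.113.1
        set endip 203.0.113.3
    next
    edit "pool2"
        set startip 203.0.113.4
        set endip 203.0.113.6
    next
end
config firewall address
    edit "lan-part1"
        set type iprange
        set start-ip 10.0.0.1
        set end-ip 10.0.0.50
    next
    edit "lan-part2"
        set type iprange
        set start-ip 10.0.0.51
        set end-ip 10.0.0.100
    next
end
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "lan-part1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool1"
    next
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "lan-part2"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool2"
    next
end
```

Each source slice is then tied to its own pool, which also keeps NAT logs attributable: a given public IP maps back to a known internal range.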