hi guys,
recently i have a job to migrate from ASA firewall to Fortigate. and now im facing a problem that might be simple to be done in ASA but not in Fortigate (for my view of course) hehehe...
so. in the existing ASA there is a NAT configuration like following :
object network IT-A
host 192.168.1.1
nat (inside, DMZ) static 172.16.1.10
object network IT-A-1
host 192.168.1.1
nat (inside,outside) static 202.134.8.x
then i tried to config my fortigate that have a same function as above command on ASA using Virtual IP, but i always got error, it said something like "duplicate entry ..."
is there any way to have a same configuration as ASA on fortigate ?
thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Couldn't you use a VIP for this?
config firewall vip
edit "IT_A"
set extip "202.134.8.x"
set extintf "any"
set mappedip "172.16.x.x"
next
end
" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
hi,
sorry, missed your post.
What you are looking for is "source NAT". For example, a 192.168.1.10 source address will be translated to 208.x.y.z when traversing from 'inside' to 'outside'.
This is done via "IP pools" in FortiOS. For the example, it is sufficient to tick "NAT" in the policy which allows sessions from 'inside' to 'WAN'. Then the (current) WAN interface address will be used for source NAT.
If you want to have full control over the source address then create an IP pool and specify it's name in the policy.
Please have a look at the concept in the 'FortiOS Handbook', available for download at docs.fortinet.com . You'll see it's quite easy once you get the grasp of it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.