Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jgrimm77
New Contributor

Selective NAT with SD-WAN

Hello,

The context is a firewall policy to an SD-WAN zone. 

Basic details: SD-WAN zone has two interface members: wan1 and GRE_Tun_0.

Is there any way for the policy to selectively NAT, depending on which zone interface gets used?

Example: traffic to wan1 must NAT but traffic to GRE_Tun_0 must not NAT?

Thanks.

3 REPLIES 3
akristof
Staff
Staff

Hello,

 

Thank you for your question. In older versions of FortiOS, you could select each SDWAN member individually in firewall policy and that could be used for this.

In newer versions, only option is to create 2 different SDWAN zones. One for wan1, second for GRE tunnel. Then you can have 2 firewall policies, for each zone, where you can enable/disable NAT based on your requirements.

Adrian
jgrimm77

Hello and thanks for the feedback.

I didn't think of that but yeah, interesting idea to try. I'm testing how it works with Central NAT and that seems to do the trick as well...

 

akristof

Hello,

 

Central NAT also work, I didn't think about that. Good idea.

Adrian
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors