Setting Up Source NAT IP Address
Hello all,
At the moment, I'm currently confused as to how I should configure this. I have been given some IP address information to set up in our Firewall so that we are able to access the external server from our internal network through an NWI. We have been given the Source NAT IP, DNS IP, URL, Destination IP and Port number. I'm positive that I have to key in some new Address entries and Interface entries to attach to the firewall policy when creating it but I'm not sure where to begin. Your help is appreciated. Thank you.
Labels: FortiGate
1. Create an address object with the server IP address.
2. To use SNAT, create an IP pool of type overload.
3. Create a firewall policy and, in the destination interface, choose the WAN interface which will be routing the traffic to the server IP. You can check the interface using the below command:
    get router info routing-table details <server ip>
4. Destination address should be the one we created in step 1.
5. Source address and interface you can decide based on your requirement.
6. Enable NAT and use the IP pool.
7. You can apply security policies if you want.
If the access is for port 443 then you can select the HTTPS service; otherwise you can create a service with the custom port number.
I am not sure what URL you have, but if that is the server FQDN then you can create an address of type FQDN in step number 1.
If you already have a DNS server configured then you may not need the DNS provided, as long as the DNS is able to resolve the server FQDN.
Yes, it is the server FQDN. By stating server IP address, do you mean the source NAT IP address?
@amrit wrote: 1. Create an address object with the server IP address
1. If it is a server FQDN, you need to add it to the destination address in the firewall policy.
2. An IP pool should be created with the source NAT IP address. You can follow this link and use the overload option mentioned in this: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-SNAT-with-IP-pool/ta-p/19...
This IP pool can then be used in the firewall policy to NAT the traffic.
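The steps from the two replies above, written out as a FortiOS CLI sketch. This is an added example, not part of any poster's reply; every object name, interface name, address, FQDN and port in it is a constructed placeholder to be replaced with the values you were given. The policy is scoped to one client subnet and one service, and logs all sessions so the translated source IP can be confirmed.

```fortios
# Added example: all names, interfaces, IPs, the FQDN and the port are placeholders.

# Step 1: destination object for the external server (FQDN type), plus the
# internal clients that are allowed to reach it.
config firewall address
    edit "ext-server"
        set type fqdn
        set fqdn "server.example.com"
    next
    edit "internal-clients"
        set subnet 10.0.10.0 255.255.255.0
    next
end

# Step 2: the assigned source NAT IP goes into an overload IP pool.
config firewall ippool
    edit "ext-server-snat"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end

# Custom service, needed only when the port is not a predefined one such as HTTPS.
config firewall service custom
    edit "ext-server-tcp8443"
        set tcp-portrange 8443
    next
end

# Steps 3 to 6: dstintf is the interface reported by the routing-table lookup.
config firewall policy
    edit 0
        set name "clients-to-ext-server"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "internal-clients"
        set dstaddr "ext-server"
        set service "ext-server-tcp8443"
        set schedule "always"
        set action accept
        set nat enable
        set ippool enable
        set poolname "ext-server-snat"
        set logtraffic all
    next
end
```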
I have created 2 address objects with the 2 source NAT IP addresses. I have created an overload IP pool with the source NAT IP addresses as the range. In my firewall policy I have selected outgoing interface as the one found using your command. I have also selected both address objects as my destination. Under Firewall/network options I have enabled NAT and selected use dynamic IP pool and selected the IP pool I created. Am I on the correct path so far?
