Support Forum
New Contributor

Static SrcNat problem


I have this set of NAT rules:

OriginSrcIP1 to AnyDest >>>> TranslatedSrcIp1

OriginSrcIP2 to AnyDest >>>> TranslatedSrcIp1

My NAT rules are not working properly. In the logs I can see some "policy violation" entries, and a few log lines later the flow works.

It seems that when Rule1 works, Rule2 does not, and vice versa.

Can TranslatedSrcIp1 be assigned to only one static NAT rule?


Hello Charlie80,

As per your query, it seems you've enabled one-to-one NAT rather than PAT. Can you let me know the configuration you've done? Sharing a screenshot would be better.


Esteemed Contributor III

Simple answer: if NAT to one source address from multiple real source addresses did not work, no network of more than one host would be able to surf the internet. Right?

The kind of SNAT that is needed in this case is the "overload" NAT, which is the default. Configured as "one-to-one" NAT it will not work, as Vishal has already mentioned.

How to: configure an IP pool containing just the one desired translated address (type "overload", external IP range "a.b.c.d - a.b.c.d"), enable NAT in the outbound policy but choose to specify the address to use. Then select the IP pool just created.



"Kernel panic: Aiee, killing interrupt handler!"

Hi @Charlie80

The NAT which you have enabled is one-to-one mapping.
It works like this: suppose you have configured a NAT type <one-to-one> and a range; then it works on a first come, first served basis.

When traffic from OriginSrcIP1 to AnyDest arrives, it will be translated to the IP.

Now if at the same time other traffic comes from OriginSrcIP2 to AnyDest, the device will not be able to NAT the IP, because the range you have given is one-to-one.

It will work only when the IP in the NAT pool is free.

Only one IP at a time will be NATted.
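To make the two answers above concrete (the one-to-one "first come, first served" behaviour and ede_pfau's how-to for a single-address overload pool), here is an added example in FortiOS CLI syntax. It is not taken from the thread, from any poster, or from Fortinet documentation. The pool names, policy ID 10, interface names (port2 inside, port1 outside), the address object "LAN-hosts" and the translated address 203.0.113.10 are constructed placeholders.

```text
# Pool as the original poster most likely has it (constructed example).
# "one-to-one" binds each real source address to its own pool address.
# With a single pool address, only one internal host can hold it at a
# time; the second host's sessions are dropped until that mapping expires,
# which matches the alternating "Rule1 works, Rule2 does not" symptom.
config firewall ippool
    edit "SNAT-single-1to1"
        set type one-to-one
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end

# Corrected pool: "overload" (PAT) lets any number of internal hosts share
# the one translated address, with sessions told apart by source port.
config firewall ippool
    edit "SNAT-single-overload"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end

# Outbound policy: NAT is enabled and pointed at the overload pool instead
# of the outgoing interface address. Both OriginSrcIP1 and OriginSrcIP2
# (members of "LAN-hosts") now leave as 203.0.113.10 at the same time.
config firewall policy
    edit 10
        set name "LAN-to-Internet-SNAT"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN-hosts"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "SNAT-single-overload"
    next
end
```

One outbound policy with the overload pool replaces the two separate static rules from the original post; a quick check after the change is to generate traffic from both hosts and confirm in the session table (`diagnose sys session list`) that both sessions carry the same translated source address with different translated ports.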

