Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Stephan_s
New Contributor III

Created on ‎12-09-2023 02:26 AM

ZTNA - NatPool used by default

Dear Colleagues,
I'm currently implementing ZTNA in our Company. In Order to do this, I connect a lot of internal Services to ZTNA. There is no problem connecting Services, directly connected to the firewall (in local VLANs) but we have several VPN Site to Site Tunnels connected as well with a lot of services behind those tunnels (mostly in running AWS). Now the problem with it is that I need to use a NAT IP in the Proxy-Policy (set poolname ...) to get a proper IP to route through the Tunnels and to open in the corresponding security groups on AWS side. Its described here:
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/230508/using-the-ip-pool-or-client-i...
But as there is no possibility to do this in UI (FortiOS 7.2.6), I need to add this in the CLI for each Policy. This is a lot of stupid work and so I come to the question: is there a possibility to set a default IP or IP-Range to connect to backend servers by all Proxy-Policies? 

 

thank you in advance

best, stephan

Labels:
774
0 Kudos
2 REPLIES 2
lgupta
Staff
Staff

Created on ‎12-10-2023 09:53 AM

Hello Stephan_s, Good day!

 

Thanks for reaching out.

 

As of now, you can only configure the ip-pool/ poolname using the CLI.

Please refer: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Accessing-multiple-web-servers-hosted-via-...

 

Note:

If a real server is hosted across an IPsec tunnel, and no IP address has been configured to the tunnel interface, a new setting 'set poolname' can be leveraged in FortiOS 7.0.6+, 7.2.0+, and 7.4.0+ as per document below. This setting can be configured from CLI only.

 

Please let me know if you have more questions.

 

thanks.

Best regards,

-lgupta



If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
733
Stephan_s
New Contributor III

Created on ‎12-12-2023 04:02 AM

Hello lgupta,
thank you for your reply. So basically I have to wait for a GUI implementation.

thanks,

best stephan

715
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.