Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
player
New Contributor

change ip from pool

Hi all, i have a pool with 8 addressess on the wan, i need to change to the nat address on a per connection basis, any ideas?
player. rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
5 REPLIES 5
ede_pfau
Esteemed Contributor III

hmm, this isn' t that clear to me what you really want to achieve but I' ll guess... if you want to NAT to all of your 8 public IPs in a round-robin fashion on outgoing traffic (to be precise " changing the NAT IP for each session" ) then you just have to create an IP pool with these addresses (hopefully consecutive) and modify the outgoing policy: check : NAT check: dynamic select the IP pool That' s it. Or I just misunderstood your intention.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
player
New Contributor

you' re right that' s the idea but , the ip changes once the first address is fully used , that is not what i want.
player. rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
ede_pfau
Esteemed Contributor III

I was suspecting that I haven' t quite understood what you want to achieve. Of course, when the first client connects it uses up the first IP from the pool. The next source IP will be mapped to the next IP from the pool, it couldn' t be any other way, right? So please give us some more information about your plan.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
player
New Contributor

is there any way to make the firewall move to the next ip address on the pool on a per new connection request?
player. rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
ede_pfau
Esteemed Contributor III

Not that I know of. An IP pool is seen as a scarce ressource so IPs are leased out when needed, not off-hand. When the initial session is timed out (say, after 300 s) and the initial IP is taken by someone else then the next is used.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors