We are running 5.2.2 and using an IP Pool. We are using the default type
of "Overload". We do not have the "Fixed Port" option checked on the
policy, yet the Fortigate still uses the same source port rather than
allocating a new one. According to the doc...

We use VIPs to port forward traffic to our web servers. When we enable
NAT on the policy, it uses the internal network interface IP address as
the source IP. Is it possible to specify a secondary IP address as the
NAT source rather than the interface...

I've got a really strange issue that we've spent a week on and haven't
been able to get anywhere. Here are the specs: FortiGate 600C running
5.2.2 in a HA Active-Active; connected to Cisco 3560X switches with LACP
aggregate interfaces. We recently switch...

We are trying to set up a security policy that requires the user to
authenticate to the firewall when accessing a particular internal web
page. It works fine if the destination site is on port 80, but not when
the site is hosted on a different port (...

We are moving from Watchguard firewalls over to Fortigate. There was a
feature on the Watchguards that they called NAT Reflection. It allowed
internal hosts to access other internal hosts through their public IP
address rather than internal IP. For e...

Thanks for your help. Just for reference, I had to use an IP Pool due to
this issue: https://forum.fortinet.com/tm.aspx?m=120355. Seems to be
working well as a solution.
I noticed that it didn't require me to enable NAT on the policy to do
the NAT translation on the VIP, but that seemed to be the only way to
select an IP Pool (at least through the GUI in 5.2.2). Can you enable
the IP Pool on the CLI without enabling ...

We think we finally have this one fixed. We created a Dynamic IP Pool
with 100 IP addresses and chose that IP pool on the policy rather than
"Use Outgoing Interface Address". We only enabled this IP pool for the
policy for Internal>FW>Internal policy...