Hi, these days I am studying FGT, and I am confused by this case: the VIP is
set extintf 'port10', but now 10.10.10.2 accesses 10.10.10.100 port 21, and
the packet is entering in port9, not in port10. Can this activate the
DNAT (VIP)? How the FGT works at this s...

Hi Patterson, in this scenario there are two policies in total: policy-1 and
policy-2. In your order above, which policy matches at Step 4? And which policy
matches at Step 7?

Got it, thanks Patterson. I reviewed the traffic working process: when
the data packet enters FGT from port9, 10.10.10.2 accesses 202.106.1.100
and pre-routing triggers DNAT (VIP). DNAT: 202.106.1.100 --> 10.10.10.100,
now 10.10.10.2 --> 10.10.10.100, then ...

Hi Debbie, settings were as you said. I think the Policy-2 SNAT is for
traffic to Internet. "traffic enters and leaves FortiGate via the same
interface. This causes FortiOS to automatically perform SNAT, even if
NAT is not configured in the firewall p...

I appreciate it, Patterson! I see the difference between snat-hairpin-traffic
enabled and disabled that you showed me. And my last question is: the VIP
extintf was set to 'port10', so why can traffic that enters in 'port9' activate
the DNAT'ed (VIP)?