Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
commsrbrad
New Contributor

Addresses within Address group have NAT with different IP addresses

Trying to find the best way to do this on a Fortigate.

On A Cisco ASA, when create object can do a NAT for it

eg Inside1 nat to outside1

     Inside2 nat to outside2

etc

then create a group

which contains Inside1 inside2 etc

then on the firewall ACL

allow the  group access to particular internet sites. (so only a one line entry for all inside objects)

so now as far as the Internet sites are concerned they will see traffic from the different NATed address for each object.

 

Now how do I do the same on the Forigate?

Now when I create an Address I cannot have a NAT for it

so with the Firewall rule I have to have an entry for each inside1 inside2 etc because they each use a different IP pool value

so it looks like to me I cannot use an Address group because I require a different internet IP for each member of the group

so more complicated to configure.

Is this correct?

1 REPLY 1
Toshi_Esumi
Esteemed Contributor

correct. Need to have one ippool for one SNAT IP, and one VIP for DNAT for opposite direction.