Fortigate interface NAT configuration

Here’s the scenario for Fortigate interface NAT configuration:

All Internal IP addresses (10.20.1.0/24) need to be translated to the WAN interface IP address (200.1.1.1) when trying to access any destination over ports 10000-20000.

Here’s the interface configuration:

fortigate-fw # show system interface "WAN"
config system interface
   edit "WAN"
      set vdom "root"
      set ip 200.1.1.1 255.255.255.0
      set allowaccess ping https ssh
      set type physical
      set speed 100full
   next
end

fortigate-fw # show system interface "Internal"
config system interface
   edit "Internal"
      set vdom "root"
      set ip 10.20.1.1 255.255.255.0
      set allowaccess ping https ssh
      set type physical
      set speed 100full
   next
end


To translate the traffic, first define any source and destination address objects you need (this example uses the built-in "all" address object), then define the custom service that limits the policy to the required port range:

config firewall service custom
   edit "xyz-ports"
      set protocol TCP/UDP/SCTP
      set tcp-portrange 10000-20000
   next
end

Finally, define the translation policy. With "set nat enable" and no IP pool, the FortiGate rewrites the source address to the outgoing (WAN) interface address:

config firewall policy
   edit 0
      set srcintf "Internal"
      set srcaddr "all"
      set dstintf "WAN"
      set dstaddr "all"
      set service "xyz-ports"
      set action accept
      set schedule always
      set nat enable
   next
end
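The policy above matches srcaddr "all" even though the scenario only requires 10.20.1.0/24, so it is worth checking NAT policies against the stated intent before committing them. The following Python script is an added example, not FortiGate code or part of the original post: it parses the config/edit/set/next/end structure of the service and policy blocks shown above (embedded as a constructed sample) and reports every NAT-enabled policy whose source is unscoped or whose service does not match the expected port range. The parser is a minimal one written for this example and handles only the flat blocks used here; the allowed source and port range are assumptions taken from the scenario text.

```python
import shlex

# Constructed sample: the service and policy blocks from the page.
SAMPLE_CONFIG = """
config firewall service custom
   edit "xyz-ports"
      set protocol TCP/UDP/SCTP
      set tcp-portrange 10000-20000
   next
end

config firewall policy
   edit 0
      set srcintf "Internal"
      set srcaddr "all"
      set dstintf "WAN"
      set dstaddr "all"
      set service "xyz-ports"
      set action accept
      set schedule always
      set nat enable
   next
end
"""


def parse_fortios(text):
    """Parse flat FortiOS blocks into {table: {entry: {key: [values]}}}.

    Minimal parser for this example: it understands config/edit/set/next/end
    at one level of nesting, which is all the page's blocks use.
    """
    tables = {}
    table = None
    entry = None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())  # honours the CLI's double quotes
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword == "config":
            table = tables.setdefault(" ".join(tokens[1:]), {})
        elif keyword == "edit":
            entry = table.setdefault(tokens[1], {})
        elif keyword == "set":
            entry[tokens[1]] = tokens[2:]
        elif keyword == "next":
            entry = None
        elif keyword == "end":
            table = None
    return tables


def port_range(spec):
    """Turn a FortiOS port spec ('80', '10000-20000', 'dst:src') into (lo, hi)
    for the destination side only."""
    dst = spec.split(":", 1)[0]
    lo, _, hi = dst.partition("-")
    return int(lo), int(hi or lo)


def audit_source_nat(tables, allowed_src="10.20.1.0/24", wanted=(10000, 20000)):
    """Return findings for every policy with 'set nat enable'.

    allowed_src and wanted are the scenario's requirements (assumed here).
    """
    findings = []
    services = tables.get("firewall service custom", {})
    for pid, pol in tables.get("firewall policy", {}).items():
        if pol.get("nat", ["disable"]) != ["enable"]:
            continue  # only source-NAT policies are in scope
        if "all" in pol.get("srcaddr", []):
            findings.append(
                f"policy {pid}: srcaddr 'all' translates every source; "
                f"scope it to an address object for {allowed_src}")
        for svc in pol.get("service", []):
            if svc == "ALL":
                findings.append(f"policy {pid}: service ALL covers every port, not {wanted}")
                continue
            ranges = services.get(svc, {}).get("tcp-portrange", [])
            if not ranges:
                findings.append(f"policy {pid}: service {svc!r} missing or has no tcp-portrange")
            for spec in ranges:
                if port_range(spec) != wanted:
                    findings.append(f"policy {pid}: service {svc!r} range {spec} != {wanted}")
    return findings


if __name__ == "__main__":
    for line in audit_source_nat(parse_fortios(SAMPLE_CONFIG)):
        print(line)
```

Run as-is the script reports one finding, the unscoped source address; replacing srcaddr "all" with an address object for 10.20.1.0/24 in the input makes the audit pass, while the service check confirms that "xyz-ports" restricts translation to TCP 10000-20000 as the scenario requires.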
