Umesh
Contributor

DNAT with VIP is not working if nat disabled

Hi everyone,

 

I want to know whether I should disable NAT if we have configured DNAT with a VIP on a FortiGate firewall.

Reason - Let me know when we should enable or disable NAT.

FYI - If I enable NAT then it works; if it is disabled then it does not work.

Please find the attached diagram of what I am doing in my organization.

DNAT.jpg

sagha
Staff

Hi Umesh, 


> If I enabled nat then it is working if it is disabled then it is not working.

When you enable NAT, this means that SNAT is also taking place, and this is usually the outgoing interface of the FGT. This works because this is in the same subnet as the destination host you are trying to reach.

When you disable NAT in the policy, the original address would be used, and I believe the destination host does not have a route to send traffic back to the FGT.

Thank you. 

Shahan 

Toshi_Esumi

In other words, 10.1.1.400's default route is not pointing to 10.1.1.10, the FGT.

 

Toshi

Umesh

Hi Shahan,

I would like to tell you that we have disabled NAT while configuring DNAT and it is working fine.

Note - If we enable it then we cannot find the original IP address, and if it is disabled we can see the original IP address.

Right.
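The return-path behaviour discussed in this thread, as an added example that is not part of any post: a small model of the internal server's routing decision showing which source address it sees and whether its reply goes back through the FortiGate. The FGT inside address 10.1.1.10 is taken from the thread; the client address, the second gateway 10.1.1.1 and the route tables are constructed assumptions.

```python
import ipaddress

FGT_INSIDE = "10.1.1.10"      # FGT address named in the thread
CLIENT = "198.51.100.25"      # constructed external client
OTHER_GW = "10.1.1.1"         # constructed: a different default gateway on the LAN


def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; gateway may be 'on-link'."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def server_view(client_ip, fgt_inside_ip, snat, server_routes):
    """What the DNAT target sees, and whether its reply traverses the FGT."""
    # Policy NAT enabled: source is rewritten to the FGT's outgoing interface.
    # Policy NAT disabled: the original client address is preserved.
    source_seen = fgt_inside_ip if snat else client_ip
    hop = next_hop(server_routes, source_seen)
    if hop == "on-link":
        # Delivered directly on the LAN; reaches the FGT only if it owns the address.
        via_fgt = source_seen == fgt_inside_ip
    else:
        via_fgt = hop == fgt_inside_ip
    return {"source_seen": source_seen, "reply_via_fgt": via_fgt}


def routes_with_default(gateway):
    """Constructed server route table: connected /24 plus one default route."""
    return [("10.1.1.0/24", "on-link"), ("0.0.0.0/0", gateway)]


if __name__ == "__main__":
    cases = [
        ("NAT enabled,  default via other gateway", True, OTHER_GW),
        ("NAT disabled, default via other gateway", False, OTHER_GW),
        ("NAT disabled, default via FGT", False, FGT_INSIDE),
    ]
    for label, snat, gw in cases:
        print(label, server_view(CLIENT, FGT_INSIDE, snat, routes_with_default(gw)))
```

Only the third case both keeps the original client IP visible to the server and returns the reply through the firewall, so the session can complete and server logs show the real source.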
