Re: Limited transparency
Best Answer by CollabraIT 2017/03/20 10:01:46
Ede is correct - just disable NAT on appropriate rules.
Consider the following setup:
internet: public IP, wan1
network 1: 10.10.10.0/24, port1, FGT address 10.10.10.1
network 2: 10.10.20.0/24, port2, FGT address 10.10.20.1
What you want is something like network 2 -> network 1 no NAT (original source addresses appear), network 1 or network 2 -> internet NAT.
All you need to do is disable NAT on the policies that go from port1 -> port2 and vice versa. The FGT will be able to handle routing between the subnets because it is attached to both. Traffic destined for 10.10.10.12 from 10.10.20.22 will hit the FortiGate and go to port1; the source address will remain as 10.10.20.22 when it arrives. This also assumes your devices have their default gateway as the FortiGate.
NSE4 (at Accelerate2017!)
Some FGT500Ds at work
FWF60E, FGT60C, and FWF60B at home
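The setup described in the answer above, written out as FortiOS CLI firewall policies. This is an added example, not part of the original post; the policy IDs, the comments and the use of the default "all" address object are assumptions, and a production rule set would normally use narrower address and service objects.

```fortios
config firewall policy
    edit 1
        set comments "network 1 to network 2, source addresses preserved"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 2
        set comments "network 2 to network 1, source addresses preserved"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 3
        set comments "network 1 to internet, source NAT to the wan1 address"
        set srcintf "port1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 4
        set comments "network 2 to internet, source NAT to the wan1 address"
        set srcintf "port2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

With policies 1 and 2 in place, logs and ACLs on hosts in either subnet see the real peer address (for example 10.10.20.22) instead of the FortiGate interface address, which is what makes per-host access control and traffic attribution between the two networks possible.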