Re: Limited transparency
2017/03/17 13:07:44
Best Answer by CollabraIT 2017/03/20 10:01:46
Ede is correct: just disable NAT on the appropriate rules.
Consider the following setup:
internet:  public IP,     wan1
network 1: 10.10.10.0/24, port1, FGT address 10.10.10.1
network 2: 10.10.20.0/24, port2, FGT address 10.10.20.1
What you want is something like: network 2 -> network 1, no NAT (original source addresses appear); network 1 or network 2 -> internet, NAT.
All you need to do is disable NAT on the policies that go from port1 -> port2 and vice versa. The FGT will be able to handle routing between the subnets because it is attached to both. Traffic destined for 10.10.10.12 from 10.10.20.22 will hit the FortiGate and go to port1; the source address will remain 10.10.20.22 when it arrives. This also assumes your devices have the FortiGate as their default gateway.
NSE4
Some FGT500Es, 500Ds, 60Ds at work
FWF60E, FWF80CM at home
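
The setup described in the answer above, written out as FortiOS CLI policies. This is an added example, not part of the original post: the policy IDs, the comments, and the use of the built-in "all" address and "ALL" service objects are assumptions, and in practice the inter-subnet rules would be narrowed to the addresses and services actually needed.

```fortios
# Added example. Policy IDs 1-4 and the "all"/"ALL" objects are assumptions.
# Inter-subnet policies keep the original source address (NAT off).
config firewall policy
    edit 1
        set comments "network 2 -> network 1, no NAT"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 2
        set comments "network 1 -> network 2, no NAT"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 3
        set comments "network 1 -> internet, source NAT to wan1"
        set srcintf "port1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 4
        set comments "network 2 -> internet, source NAT to wan1"
        set srcintf "port2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

To confirm the result, capture on the egress side with `diagnose sniffer packet port1 'host 10.10.20.22' 4` and check that packets from network 2 arrive with their original source address rather than 10.10.10.1.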