suthomas1
New Contributor

Outbound natting

One of the internal systems with IP 10.58.0.11 needs to access another remote network.

10.58.0.11 is internal to us. The remote network is part of our organisation but geographically different.

10.58.0.11 is not routable to the remote network as they do not accept it. In this case, we will need to do an outbound NAT so a session from 10.58.0.11 to the remote network gets translated to a range that they accept, which is 10.82.0.x. Briefly, 10.58.0.11 needs to be translated outbound to one IP in 10.82.0.x so the remote site accepts it. I want to do this on a Fortinet firewall. Can someone please help with how it should be done?

Appreciate all help.

Suthomas
Toshi_Esumi
Esteemed Contributor III

Create an IP pool with the 10.82.0 addresses and use it in an SNAT policy like below.

http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-transparent/3-Networking/2-NAT/2-SNAT...

The default rule is "overload", but you can change the ippool type to one-to-one, etc., as explained below:

http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-firewall/Object%20Configuration/IP%20...

 

 

suthomas1

Thank you. Is there any way for me to verify if this is working from the CLI or GUI?

 

Suthomas
Toshi_Esumi
Esteemed Contributor III

The best way to confirm is "flow debug" or "debug flow", described in the KB doc below. If you read each line of the output, you can find the line swapping the source address from the local one to one of the IPs in the IP pool, based on the rule you've chosen.

http://kb.fortinet.com/kb/viewContent.do?externalId=FD30038
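
The IP pool, SNAT policy and debug-flow check described in the replies above, put together as an added FortiOS CLI example; it is not part of the original thread or of Fortinet's documentation. The object names, interface names, the `REMOTE_NET` destination object and the pool address 10.82.0.10 are assumptions chosen for illustration.

```fortios
# Added example. Lines starting with '#' are annotations.
# Address object for the internal host named in the thread.
config firewall address
    edit "HOST_10_58_0_11"
        set subnet 10.58.0.11 255.255.255.255
    next
end

# IP pool with a single address from the range the remote site accepts.
# 10.82.0.10 is a constructed value; the thread only says 10.82.0.x.
config firewall ippool
    edit "POOL_REMOTE_SNAT"
        set type one-to-one
        set startip 10.82.0.10
        set endip 10.82.0.10
    next
end

# Outbound policy that applies the pool. "edit 0" creates a new policy with the
# next free ID. Interface names and "REMOTE_NET" are hypothetical; REMOTE_NET
# must already exist. Narrow "ALL" to the services the host actually needs.
config firewall policy
    edit 0
        set name "snat-to-remote"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "HOST_10_58_0_11"
        set dstaddr "REMOTE_NET"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "POOL_REMOTE_SNAT"
    next
end

# Verification: trace packets sourced from the host, then generate traffic from it.
diagnose debug reset
diagnose debug flow filter saddr 10.58.0.11
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
# In the trace, look for the line reporting SNAT from 10.58.0.11 to the pool address.

# Stop tracing when done.
diagnose debug disable
diagnose debug reset
```

The new policy only takes effect if it sits above any broader policy that matches the same traffic, since policies are evaluated top-down.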

 

 

 
