Addresses within Address group have NAT with different IP addresses

commsrbrad
2021/10/13 22:27:03

Trying to find the best way to do this on a FortiGate.
On a Cisco ASA, when you create an object you can do a NAT for it,
e.g. Inside1 NAT to outside1
     Inside2 NAT to outside2
etc.
Then create a group
which contains Inside1, Inside2, etc.
Then on the firewall ACL
allow the group access to particular internet sites (so only a one-line entry for all inside objects).
So now, as far as the Internet sites are concerned, they will see traffic from the different NATed address for each object.

Now how do I do the same on the FortiGate?
Now when I create an Address I cannot have a NAT for it,
so with the firewall rule I have to have an entry for each of Inside1, Inside2, etc., because they each use a different IP pool value.
So it looks to me like I cannot use an Address group, because I require a different internet IP for each member of the group,
so it is more complicated to configure.
Is this correct?
#1


    Toshi Esumi
    Re: Addresses within Address group have NAT with different IP addresses 2021/10/14 08:59:23
    Correct. You need to have one ippool for one SNAT IP, and one VIP for DNAT for the opposite direction.
    #2
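
The layout the reply describes, as an added FortiOS CLI example that is not part of the original thread: one IP pool and one policy per inside address, plus a VIP for the inbound direction. The object names, interface names, the "AllowedSites" destination group and the 203.0.113.x / 10.0.1.x addresses are constructed placeholders, and the address objects are assumed to exist already.

```fortios
# Constructed example: names, interfaces and addresses are placeholders.
# One IP pool per SNAT address.
config firewall ippool
    edit "pool-outside1"
        set type overload
        set startip 203.0.113.11
        set endip 203.0.113.11
    next
    edit "pool-outside2"
        set type overload
        set startip 203.0.113.12
        set endip 203.0.113.12
    next
end
# The pool is selected per policy, so each inside address gets its own
# policy; "edit 0" takes the next free policy ID.
config firewall policy
    edit 0
        set name "Inside1-to-sites"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Inside1"
        set dstaddr "AllowedSites"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
        set ippool enable
        set poolname "pool-outside1"
    next
    edit 0
        set name "Inside2-to-sites"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Inside2"
        set dstaddr "AllowedSites"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
        set ippool enable
        set poolname "pool-outside2"
    next
end
# One VIP per host for DNAT in the opposite direction (shown for Inside1).
config firewall vip
    edit "vip-inside1"
        set extintf "wan1"
        set extip 203.0.113.11
        set mappedip "10.0.1.11"
    next
end
```

The VIP only takes effect once it is used as the destination address of an inbound policy, which should be limited to the services that actually need to be reachable.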