Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Staff
Staff

Created on ‎07-07-2009 09:42 AM Edited on ‎05-26-2022 06:37 AM By Anonymous

Article Id 194230

Retreiving NAT history from the traffic log

Description
When NAT is active on a firewall policy the history can be retreived from the traffic log information. Note that this is a per-firewall policy option.
Scope
FortiGate running NAT mode.
Solution

Activate the ''raw'' format in the traffic log information on the GUI, the traffic log can then be visualised in the following way:
 
 
 
2008-03-18 10:36:33 log_id=0021010001
type=traffic subtype=allowed
pri=notice vd=root SN=1336878
duration=10 user=N/A group=N/A rule=2 policyid=2 proto=6
service=80/tcp app_type=N/A
status=accept src=192.168.3.12 srcname=192.168.3.12 dst=131.107.115.28 dstname=131.107.115.28 src_int="port7" dst_int="port6“
sent=523 rcvd=1963
sent_pkt=6 rcvd_pkt=4
src_port=1028 dst_port=80 vpn=N/A tran_ip=10.1.1.11 tran_port=43992
dir_disp=org tran_disp=snat
 
src=192.168.3.12 corresponds to the original src IP.
src_port=1028 corresponds to the original source port.
tran_ip=10.1.1.11 tran_port=43992 is the NAT translated address. 

 

2421
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.