Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
chaithrar
Staff
Staff

Created on ‎04-28-2020 12:09 AM Edited on ‎02-05-2024 09:08 AM By Moderator

Article Id 195349

Technical Tip: SNAT support for policies with virtual wire pairs

Description
This article describes how to configure SNAT support for policies with virtual wire pairs.

Solution
Source NAT (SNAT) i configured for IPv4 and IPv6 policies with virtual wire pair (VWP) interfaces.

To configure a policy using SNAT and a virtual wire pair.

Create the virtual wire pair interface.

# config system virtual-wire-pair
    edit "test-vw-1"
        set member "port1" "port4"
    next
end

Create the IP pool. The IP pool must have a different subnet than the VWP peers.

# config firewall ippool
    edit "vwp-pool-1"
        set startip 172.16.222.99
        set endip 172.16.222.100
    next
end

Configure the policy.

# config firewall policy
    edit 88
        set srcintf "port4"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set ippool enable
        set poolname "vwp-pool-1"
        set nat enable
    next
end

Related link.

https://docs.fortinet.com/document/fortigate/6.4.0/new-features/950123/snat-support-for-policies-wit...

497
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.