FortiGate
ereddy
Staff
Article Id 198780
Description
This article describes the NAT exhausted error on a firewall policy.

Solution
This behaviour is noticed when one-to-one NAT is used, as explained below.
The IP pool has to be configured as one-to-one.
It has to be applied on a specific policy.

For example, once the internal address '192.168.100.12' hits the policy, it is NATed to the external address 198.35.53.180. So, in one-to-one mode, only the IP '192.168.100.12' can use the external IP 198.35.53.180 for NAT. No other IP in the network can use 198.35.53.180 for NAT.

The IP pool exhausted message means that no other private IP in the network can use the public IP 198.35.53.180.

However, if one-to-one is changed to 'overload', then '198.35.53.180' is usable by other private IPs as well, rather than only by the single IP '192.168.100.12'.

Below are the config details.
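As an added example (not the article's original configuration), the one-to-one pool described above and the change to overload look like this in the FortiOS CLI. The pool name, policy ID and interface names are assumptions; the addresses are the ones used in this article.

```fortios
# Constructed example: pool name, policy ID and interfaces are assumptions.

# One-to-one pool with a single external address. The first internal
# host that matches the policy (192.168.100.12 in this article) takes
# 198.35.53.180; any further host then finds the pool exhausted.
config firewall ippool
    edit "pool-198-35-53-180"
        set type one-to-one
        set startip 198.35.53.180
        set endip 198.35.53.180
    next
end

# The pool only takes effect on the policy that references it.
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool-198-35-53-180"
    next
end

# Changing the same pool to overload lets other private IPs share
# 198.35.53.180 instead of reserving it for one internal host.
config firewall ippool
    edit "pool-198-35-53-180"
        set type overload
    next
end
```

With overload, several internal hosts share 198.35.53.180 through port translation, so attributing an outbound session to a specific host requires the translated source port from the traffic log as well as the address.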


