FortiGate
caunon
Staff
Article Id 195272
Description
In some cases, traffic must leave the FortiGate with a specific source IP address that is not the wan1 or wan2 address configured on the external interface.

This can be done by using an IP Pool with the firewall policy.

Scope
FortiGate.

Solution
For v5.0:

1) Using the GUI, go to Firewall Objects > Virtual IPs > IP Pools > Create New and set the parameter values as follows:
Name : NAT24
Type : Overload
External IP Range/Subnet : 24.24.24.24-24.24.24.24
ARP Reply : enable

2) Create the firewall policy from the source interface to the destination interface as required and enable NAT on it. Select the option 'Use Dynamic IP Pool' and choose the pool that was created in the previous step (for example: 'NAT24').


When traffic passes through this firewall policy, its source address is translated to the IP address of the IP Pool (NAT24 with 24.24.24.24) as required.
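The same two steps expressed in the FortiOS CLI, followed by a check that traffic really leaves with the pool address. This is an added example, not part of the original article. The source interface `internal`, the `all` address objects, the `ALL` service and the `always` schedule are assumptions, so narrow them to what the policy actually needs.

```fortios
# Step 1: IP pool with a single external address (values from the article)
config firewall ippool
    edit "NAT24"
        set type overload
        set startip 24.24.24.24
        set endip 24.24.24.24
        set arp-reply enable
    next
end

# Step 2: policy that source-NATs through the pool
# "edit 0" creates the policy with the next free ID.
# Assumed: traffic enters on "internal" and leaves on "wan1".
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "NAT24"
    next
end

# Verification: capture 10 packets leaving wan1 with the pool address as source.
# If packets show the wan1 interface address instead, the traffic is matching
# an earlier policy that uses interface NAT; check the policy order.
diagnose sniffer packet wan1 'src host 24.24.24.24' 4 10

# Verification: list sessions that were translated to the pool address.
diagnose sys session filter clear
diagnose sys session filter nsrc 24.24.24.24
diagnose sys session list
```

With ARP Reply enabled, the FortiGate answers ARP requests for 24.24.24.24 on the egress interface, so the upstream router must either be on the same subnet as that address or have a route for it that points at the FortiGate.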
