Description | This article describes how to create a NAT 64 firewall policy to allow traffic to a virtual IP on the network. |
Scope | FortiOS |
Solution |
Step 1:
Step 2: NOTE: The external IPv6 address must be different but in the same range as the public address on the external facing interface.
CLI:
config firewall vip6 next
Step 3:
Create an SNAT IP pool that points to an arbitrary address that isn't used anywhere else on the network.
CLI:
config firewall ippool
edit "Test-ippool"
set startip 172.16.100.1
set endip 172.16.100.1
set arp-reply disable
set nat64 enable
next
end
Step 4: Create the firewall policy enabling NAT 64 in the NAT section.
CLI:
config firewall policy |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.