Description | This article describes the behavior of SNAT when VIP is configured (no port forwarding). |
Scope | FortiGate. |
Solution |
There are two options for FortiGate to perform SNAT configurable in the firewall policy.
When VIP is configured as one-to-one mapping (no port-forwarding), FortiGate will use this VIP IP address as it SNAT IP address.
Below is a firewall policy configuration example with 'Use Outgoing Interface Address' as its SNAT IP:
Below is the SNAT IP used for outbound traffic from 10.201.1.181:
Below is the Virtual IP configuration:
When the above VIP is used or referenced in a firewall policy, outbound traffic from host 10.201.1.181 will use 10.47.17.177 (VIP IP) as its SNAT IP:
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.