Technical Tip: How to install Virtual Server changes to FortiGates operating in Central NAT mode using FortiManager

lingky88 · ‎04-02-2024

Description

This article describes how the user can use FortiManager to install Virtual Server changes to their managed FortiGates operating in Central NAT mode using FortiManager.

Scope

FortiManager.

Solution

On the FortiGate, the central NAT setting is enabled.

1. FGT enable central NAT.png

On the FortiManager, the policy package has Central NAT enabled.

2. FMG policy central NAT mode.png

Create the Virtual Server on FortiManager -> Policy & Objects -> Object Configurations -> Firewall Objects -> Virtual Servers.

3. FMG Virtual Server.png

When FortiGate operates in central NAT mode, it is not required to apply a VIP/Virtual Server onto a firewall policy. Hence, when trying to install, the Install Preview does not show the Virtual Server/VIP configuration being installed.

4. Install Preview blank.png

It is mandatory to import the Virtual Server/VIP configured under Policy & Objects -> Select the Policy Package -> Central DNAT setting of the Policy Package in FortiManager for the change to be installed.

5. Import VS1.png

6. Import VS2.png

Install the policy package again and we are now able to see the Virtual Server configuration that we had created in the Install Preview.

7. Install Preview.png