Firewall configuration IP Pools for firewall policies that use fixed ports
FortiGate-100 Installation and Configuration Guide 165
5 Select OK to save the IP pool.
Figure 14: Adding an IP Pool
IP Pools for firewall policies that use fixed ports
Some network configurations will not operate correctly if a NAT policy translates the
source port of packets used by the connection. NAT translates source ports to keep
track of connections for a particular service. You can select fixed port for NAT policies
to prevent source port translation. However, selecting fixed port means that only one
connection can be supported through the firewall for this service. To be able to support
multiple connections, you can add an IP pool to the destination interface, and then
select Dynamic P pool in the policy. The firewall randomly selects an IP address from
the IP pool and assigns it to each connection. In this case the number of connections
that the firewall can support is limited by the number of IP addresses in the IP pool.
IP pools and dynamic NAT
You can use IP pools for dynamic NAT. For example, your organization may have
purchased a range of Internet addresses, but you may have only one Internet
connection: the external interface of your FortiGate unit.
You can assign one of your organization’s Internet IP addresses to the external
interface of your FortiGate unit. If your FortiGate unit is operating in NAT/Route mode,
all connections from your network to the Internet appear to come from this IP address.
If you want connections to originate from all of your Internet IP addresses, you can
add this address range to an IP pool for the external interface. Then you can select
Dynamic IP Pool for all policies with the external interface as the destination. For each
connection the firewall dynamically selects an IP address from the IP pool to be the
source address for the connection. As a result connections to the Internet will appear
to be originating from all of the IP addresses in the IP pool.
To Next Page
Loading...
Need help?
General