NAT Optional Services
Source   Destination    Service    Action
LAN      192.192.10.1   FTP (21)   Accept
WAN      Localhost      ICMP       Deny
LAN      DMZ            Any        Deny
WAN      DMZ            Any        Deny
WAN      LAN            Any        Deny
See also
- Busyhour Settings
- Using the web UI
- Reports: Firewall
NAT
FortiWAN is an edge server that is usually placed on the boundary between WAN and LAN. When a connection is
established from a private IP address (in LAN or DMZ) to the internet (WAN), it is necessary to translate the private IP
address into one of the public IP addresses assigned to FortiWAN. This process is called NAT (Network Address
Translation).
FortiWAN's NAT makes configuration more flexible. By default, NAT can translate any private IPv4 address to a static
or dynamic public IPv4 address assigned to a given WAN link. For IPv6, FortiWAN's NAT by default translates the IPv6
addresses of hosts in LAN to a dynamic IPv6 address of a PPPoE WAN link (if a PPPoE WAN link is deployed). For WAN
links of other WAN types, FortiWAN will not translate any IPv6 address by default (rules must be added manually
according to requirements). NAT rules are evaluated on a "first match" principle, i.e. rules are matched top down.
FortiWAN provides a log mechanism for the NAT service, see "Log".
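The top-down, first-match evaluation described above, as an added example (not FortiWAN code or configuration). The rule fields `source` and `translate_to`, the rule names and all addresses are constructed for illustration and are not FortiWAN's schema. The example also flags rules that can never match because an earlier rule already covers their whole source range.

```python
import ipaddress

# Constructed sample NAT table (hypothetical fields, not FortiWAN's schema).
# Order matters: evaluation is top down and the first matching rule wins.
RULES = [
    {"name": "mail-host",   "source": "192.168.10.25/32", "translate_to": "203.0.113.10"},
    {"name": "lan-default", "source": "192.168.10.0/24",  "translate_to": "203.0.113.2"},
    {"name": "printers",    "source": "192.168.10.64/26", "translate_to": "203.0.113.11"},
    {"name": "dmz",         "source": "10.0.0.0/24",      "translate_to": "203.0.113.3"},
]

def translate(rules, src_ip):
    """Return (rule name, translated address) of the first matching rule, or None."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule["source"]):
            return rule["name"], rule["translate_to"]
    return None  # no rule matched: the address is not translated

def shadowed(rules):
    """Return (rule, earlier rule) pairs where a single earlier rule covers the
    later rule's entire source range, so the later rule can never match.
    Coverage by a union of several earlier rules is not detected here."""
    nets = [(r["name"], ipaddress.ip_network(r["source"])) for r in rules]
    hits = []
    for i, (name, net) in enumerate(nets):
        for earlier_name, earlier_net in nets[:i]:
            # subnet_of() raises TypeError across IP versions, so compare versions first
            if net.version == earlier_net.version and net.subnet_of(earlier_net):
                hits.append((name, earlier_name))
                break
    return hits

if __name__ == "__main__":
    print(translate(RULES, "192.168.10.25"))  # specific rule placed above the broad one
    print(translate(RULES, "192.168.10.70"))  # falls to lan-default, not printers
    print(shadowed(RULES))                    # printers is unreachable
```

Placing the narrower rule above the broader one, as with the mail-host entry, is what keeps it effective under first-match ordering.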
Non-NAT
Non-NAT is used for Private Network and MPLS Network where the host in WAN can directly access the host in DMZ,
and where FortiWAN is used to balance VPN load and backup lines.
Enable NAT : When enabled, NAT translates any private IP to a fixed public IP assigned to a given WAN link. When disabled, FortiWAN acts as a general router so that the host in WAN can directly access the host in DMZ.
WAN : The WAN link to which to apply NAT rules.
1-to-1 NAT Rules
These rules define the 1-to-1 translation method for a bi-directional IP range (or subnet) in both internal and external
networks.
FortiWAN Handbook
Fortinet Technologies Inc.