NAT Optional Services
When : The predefined time periods during which the rules will apply. Options are Busy, Idle, All-
Times (See "Busyhour Settings").
Source :
The packets sent from the source will be matched (See "Using the web UI"). Note: The
source IPv6 to be translated must be the IPv6 address assigned to the LAN or DMZ.
Destination :
The packets sent to the destination will be matched (See "Using the web UI").
Service : The packets with the service port number to which users would like NAT to apply. It can be
the TCP/UDP port, or Predefined service groups from [System]->[Service Grouping] (See
"Using the web UI").
Translated : The public IPv6 addresses or a range of public IPv6 addresses that users would like the
private addresses to be translated to, or No NAT if no translation is needed. Note: Trans-
lated must be an IPv6 address obtained upon public DMZ subnet and with 64-bit or lower
prefix length. The option [Dynamic IP] will be available while a Dynamic WAN link (Bridge
Mode: PPPoE and Bridge Mode: DHCP) is applied.
L : Check to enable logging. Whenever the rule is matched, the system will record the event
to the log file.
Enable NAT
Example: To translate packets from local machine 192.168.123.100 to public IP address 172.31.5.51, check “Enable
NAT”, and select WAN #1, then check “Enable”. The NAT rule settings look like:
Source Destination Service Translated
192.168.123.100 Any Address Any 172.31.5.51
Disable NAT
Disable NAT sets FortiWAN to Non-NAT mode whereby all the WAN hosts can acccess DMZ hosts directly with proper
routing setup. In this mode, FortiWAN acts as a router connecting multiple subnets.
Note: Once NAT is disabled, it is disabled on all the WAN Links.
Example: Non-NAT Settings
FortiWAN Handbook
Fortinet Technologies Inc.
124
To Next Page
Loading...
