Fortinet FortiWAN - NAT; Default Rules

Fortinet FortiWAN
311 pages
Optional Services NAT
Source   Destination    Service    Action
LAN      192.192.10.1   FTP (21)   Accept
WAN      Localhost      ICMP       Deny
LAN      DMZ            Any        Deny
WAN      DMZ            Any        Deny
WAN      LAN            Any        Deny
See also
- Busyhour Settings
- Using the web UI
- Reports: Firewall
NAT
FortiWAN is an edge server that is usually placed on the boundary between WAN and LAN. When a connection is established from a private IP address (in LAN or DMZ) to the internet (WAN), the private IP address must be translated into one of the public IP addresses assigned to FortiWAN's WAN link. This process is called NAT (Network Address Translation). FortiWAN provides typical NAT (also called S-NAT) for sessions established from the internal area. Once the private source IP address of a session's outgoing packets is translated to a public IP address, the mapping is kept in the translation table, so the session's inbound traffic (from the public area) can be accepted and forwarded to the internal host that established the session.
With typical NAT, two-way data transmission between an internal host and an external host is possible only if the internal host starts the session. An external host is unable to start a session with an internal host via typical NAT. FortiWAN's 1-to-1 NAT makes two-way transmission between an internal host and an external host available not only for sessions started by the internal host but also for sessions started by the external host.
FortiWAN provides a log mechanism for the NAT service; see "Log".
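The following Python sketch is an added illustration, not FortiWAN code and not part of the handbook. It models the translation-table behaviour described above for S-NAT and 1-to-1 NAT; all addresses are constructed samples, and the port pool starting at 40000 and the per-remote-endpoint table key are assumptions.

```python
# Added illustration: a toy model of S-NAT vs 1-to-1 NAT, not FortiWAN code.
# All addresses are constructed documentation-range samples.
from itertools import count

class Nat:
    def __init__(self, public_ip, one_to_one=None):
        self.public_ip = public_ip
        self.one_to_one = dict(one_to_one or {})   # public IP -> private IP
        self.table = {}    # (pub_ip, pub_port, remote) -> (priv_ip, priv_port)
        self._ports = count(40000)                 # assumed port pool start

    def outbound(self, src, sport, dst, dport):
        """Internal host opens a session; return the translated source."""
        for pub, priv in self.one_to_one.items():
            if priv == src:                        # 1-to-1: fixed public IP, port kept
                return pub, sport
        pub_port = next(self._ports)
        self.table[(self.public_ip, pub_port, (dst, dport))] = (src, sport)
        return self.public_ip, pub_port

    def inbound(self, src, sport, dst, dport):
        """Packet arrives from WAN; return internal target or None (dropped)."""
        hit = self.table.get((dst, dport, (src, sport)))
        if hit:                                    # reply to a session started inside
            return hit
        if dst in self.one_to_one:                 # externally initiated, 1-to-1 only
            return self.one_to_one[dst], dport
        return None                                # no mapping: nothing to forward to

def demo():
    nat = Nat("203.0.113.10", one_to_one={"203.0.113.20": "192.168.1.20"})
    pub = nat.outbound("192.168.1.5", 51000, "198.51.100.7", 443)
    return {
        "translated": pub,
        "reply": nat.inbound("198.51.100.7", 443, *pub),
        "unsolicited_snat": nat.inbound("198.51.100.99", 4444, "203.0.113.10", 40000),
        "unsolicited_1to1": nat.inbound("198.51.100.99", 4444, "203.0.113.20", 22),
        "one_to_one_out": nat.outbound("192.168.1.20", 52000, "198.51.100.7", 443),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

In this model the S-NAT host is reachable only through a mapping it created itself, while the 1-to-1 mapped host is reachable for sessions started from outside, so firewall rules are the only thing limiting which services on that host are exposed.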
Default Rules
FortiWAN's NAT Default Rules are the NAT rules (and IPv6 NAT rules) generated automatically by the system according to the Network Setting of the WAN links. Once a WAN link is set up (see "Configuring your WAN"), the default rules are generated at the same time, so that FortiWAN automatically performs NAT on packets coming from anywhere (except subnets in WAN and/or DMZ and static routing subnets of the WAN link) that are to be transferred via the WAN link. NAT default rules vary according to how the WAN link is deployed. For example,
WAN link 1: Routing mode with a basic subnet (125.227.251.0/255.255.255.0) in WAN and DMZ, and the IP(s) on localhost are 128.227.251.80 and 128.227.251.81. The system adds the following default rules to WAN link 1:
When = All-Time, Source = 125.227.251.0/255.255.255.0, Destination = Any Address, Service = Any, Translated = No NAT
218 FortiWAN Handbook
Fortinet Technologies Inc.
