Optional Services NAT
L : Check to enable logging. Whenever the rule is matched, the system will record the event
to the log file.
1-to-1 NAT Rules
1-to-1 NAT maintains a fixed 1-to-1 mapping (binding) between internal IP addresses and the IP addresses of a WAN
link's localhost (also called external addresses here), which requires the same number of IP addresses on both sides.
Because the binding is fixed, either an internal host or an external host can launch sessions to the other. 1-to-1 NAT
supports translation for IPv4 only.
E : Enable or disable the 1-to-1 NAT rule.
When : Select when the 1-to-1 NAT rule applies. There are three options: Busy, Idle and
All-Time (See "Busyhour Settings").
Internal Address : Select the internal IPv4 address, IPv4 range or IPv4 subnet that the 1-to-1 NAT rule should
be applied to (See "Using the web UI"). For a 1-to-1 NAT rule, the number of internal IP
addresses here must be the same as the number of external IP addresses below. (Note: Internal IP
Address must be an IP address of the internal network or DMZ port.)
Service : Select the service that the 1-to-1 NAT rule should be applied to, such as TCP, UDP,
ICMP or any of the predefined network service groups (See "Using the web UI").
External Address : Select the external IPv4 address, IPv4 range or IPv4 subnet that the 1-to-1 NAT rule
should be applied to (See "Using the web UI"). For a 1-to-1 NAT rule, the number of
external IP addresses here must be the same as the number of internal IP addresses above. (Note:
External IP Address must be an IP address obtained upon WAN link connection.)
L : Check to enable logging. Whenever the rule is matched, the system will record the event
to the log file.
For any outgoing packet (whether an internal or an external host launched the session), if the packet matches a 1-to-1
NAT rule on When, Internal Address (Source) and Service, the source IP address of the packet is translated to the
corresponding external address specified in the rule. For any incoming packet (whether an internal or an external host
launched the session), if the packet matches a 1-to-1 NAT rule on When, External Address (Destination) and Service,
the destination IP address of the packet is translated to the corresponding internal address specified in the rule.
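The matching and translation just described can be modelled in Python to check a planned rule before entering it in the web UI. This is an added example, not FortiWAN code: the address ranges are constructed, and the positional pairing of internal to external addresses, first-match rule ordering, treating a subnet as every address in the block, and ignoring the When schedule are all assumptions.

```python
import ipaddress

def expand(spec):
    """Expand a single IPv4 address, 'first-last' range or CIDR subnet to a list."""
    if "-" in spec:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-"))
        return [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]
    if "/" in spec:
        # Assumption: a subnet contributes every address in the block.
        return list(ipaddress.IPv4Network(spec))
    return [ipaddress.IPv4Address(spec)]

class OneToOneRule:
    def __init__(self, internal, external, service="Any", enabled=True):
        self.internal, self.external = expand(internal), expand(external)
        # The handbook requires equal address counts on both sides.
        if len(self.internal) != len(self.external):
            raise ValueError("internal and external address counts differ")
        self.service, self.enabled = service, enabled
        # Assumption: the i-th internal address binds to the i-th external one.
        self.out_map = dict(zip(self.internal, self.external))
        self.in_map = dict(zip(self.external, self.internal))

    def applies(self, service):
        return self.enabled and self.service in ("Any", service)

def translate(rules, direction, src, dst, service):
    """Return (src, dst) after translation; unchanged when no rule matches."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for rule in rules:  # Assumption: first matching rule wins.
        if not rule.applies(service):
            continue
        if direction == "out" and src in rule.out_map:
            return str(rule.out_map[src]), str(dst)   # rewrite source
        if direction == "in" and dst in rule.in_map:
            return str(src), str(rule.in_map[dst])    # rewrite destination
    return str(src), str(dst)

# Constructed sample rule: three internal hosts bound to three WAN addresses.
RULES = [OneToOneRule("192.168.123.100-192.168.123.102",
                      "172.31.5.51-172.31.5.53", service="TCP")]

if __name__ == "__main__":
    print(translate(RULES, "out", "192.168.123.101", "203.0.113.10", "TCP"))
    print(translate(RULES, "in", "203.0.113.10", "172.31.5.53", "TCP"))
    print(translate(RULES, "in", "203.0.113.10", "172.31.5.53", "UDP"))
```

The inbound map is built from the same rule as the outbound one, so every internal address listed in a 1-to-1 rule is addressable from the WAN side for that rule's Service.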
Enable NAT
Example: To translate packets from local machine 192.168.123.100 to public IP address 172.31.5.51, check “Enable
NAT”, and select WAN #1, then check “Enable”. The NAT rule settings look like:
Source             Destination    Service    Translated
192.168.123.100    Any Address    Any        172.31.5.51
Disable NAT
Disable NAT sets FortiWAN to Non-NAT mode, whereby all the WAN hosts can access DMZ hosts directly with proper
routing setup. In this mode, FortiWAN acts as a router connecting multiple subnets.
222 FortiWAN Handbook
Fortinet Technologies Inc.