NAT
Example:
Here are two possible packets that the FortiGate would treat as belonging to different sessions, so that any responses from the web server make it back to the correct original sender.
From Student A

| Attribute | Original Packet | Packet after NATing |
|---|---|---|
| Source IP address or src-ip | 10.1.1.56 | u.u.u.1 |
| Destination IP address or dst-ip | w.w.w.1 | w.w.w.1 |
| Protocol | tcp | tcp |
| Source port or src-port | 10000 | 46372 |
| Destination port or dst-port | 80 | 80 |
From Student B

| Attribute | Original Packet | Packet after NATing |
|---|---|---|
| Source IP address or src-ip | 10.5.1.233 | u.u.u.1 |
| Destination IP address or dst-ip | w.w.w.1 | w.w.w.1 |
| Protocol | udp | udp |
| Source port or src-port | 26785 | 46372 |
| Destination port or dst-port | 80 | 80 |
Even though the translated source port is the same, the protocol is different, so the two packets are considered to belong to different sessions from different computers.
The drawback is that this scheme depends on the protocols in use being evenly distributed between TCP and UDP. Even if that were the case, the number of sessions would only double, reaching an upper limit of 65,536 possible connections. That number is still far short of the more than 16 million possible addresses in an IP subnet with an eight-bit subnet mask, like the one in our example.
Fortinet does not use this method.
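The following is an added example (not code from the original page, and not FortiGate's own implementation) that models the hypothetical scheme described above: a source-NAT table keyed on (protocol, translated port), so that the two student packets can share translated port 46372 and replies still find their way back. The class name, the per-protocol port allocator, and the starting port 46372 are assumptions chosen to reproduce the tables above; u.u.u.1 and w.w.w.1 are the page's placeholder addresses.

```python
from dataclasses import dataclass, replace
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str  # "tcp" or "udp"
    src_port: int
    dst_port: int


class ProtocolAwareNat:
    """Hypothetical source-NAT table keyed on (protocol, translated port).

    Constructed to illustrate the scheme discussed in the text; it is not
    FortiGate's actual port-allocation algorithm.
    """

    def __init__(self, external_ip: str, first_port: int = 46372):
        self.external_ip = external_ip
        # (protocol, translated port) -> (original src ip, original src port)
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # Each protocol has its own port space, so tcp and udp can both hand
        # out 46372 without colliding in the table.
        self.next_port = {"tcp": first_port, "udp": first_port}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the internal network."""
        # Reuse an existing binding for the same sender, port and protocol.
        for (proto, nat_port), orig in self.table.items():
            if proto == pkt.protocol and orig == (pkt.src_ip, pkt.src_port):
                return replace(pkt, src_ip=self.external_ip, src_port=nat_port)
        port = self.next_port[pkt.protocol]
        if port > 65535:
            # The 16-bit port field is the hard ceiling per protocol.
            raise RuntimeError(f"no free {pkt.protocol} port left")
        self.next_port[pkt.protocol] = port + 1
        self.table[(pkt.protocol, port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.external_ip, src_port=port)

    def inbound(self, reply: Packet) -> Packet:
        """Map a reply from the Internet back to the original sender."""
        orig_ip, orig_port = self.table[(reply.protocol, reply.dst_port)]
        return replace(reply, dst_ip=orig_ip, dst_port=orig_port)


def demo():
    """Run the two student packets from the text through the table."""
    nat = ProtocolAwareNat("u.u.u.1")
    student_a = Packet("10.1.1.56", "w.w.w.1", "tcp", 10000, 80)
    student_b = Packet("10.5.1.233", "w.w.w.1", "udp", 26785, 80)
    a_out = nat.outbound(student_a)
    b_out = nat.outbound(student_b)
    # Replies from the web server are addressed to the translated port only;
    # the protocol is what distinguishes the two sessions.
    reply_a = Packet("w.w.w.1", a_out.src_ip, "tcp", 80, a_out.src_port)
    reply_b = Packet("w.w.w.1", b_out.src_ip, "udp", 80, b_out.src_port)
    a_back = nat.inbound(reply_a)
    b_back = nat.inbound(reply_b)
    # A third tcp session cannot share 46372 and gets the next tcp port.
    student_c = Packet("10.1.1.57", "w.w.w.1", "tcp", 10000, 80)
    c_out = nat.outbound(student_c)
    return a_out, b_out, a_back, b_back, c_out


if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

Both outbound packets leave with source u.u.u.1:46372, yet `inbound` returns the tcp reply to 10.1.1.56:10000 and the udp reply to 10.5.1.233:26785, which is the whole point of the scheme; the third session shows that within one protocol the port space is still the limiting factor.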