Central Source NAT and Destination NAT

Mike (2844 Posts)

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services.

View all author’s posts

2 responses to “Central Source NAT and Destination NAT”

1. Is there a way to do central snat and dnat in the same flow ?

   When packet is received by Fortigate interface source and destination is as follows;
   original IPs S:10.2.3.1 D:11.2.3.1

   when packet leaves Fortigate, source and destination IP addresses for the same flow should be ;
   translated IPs; S:12.2.3.1 D: 13.2.3.1

   Reply

2. So, I understand Central SNAT and DNAT thankfully from times long past, but what I have trouble finding is decent information on how exactly policies should work under Central Snat. As an example, previously I targeted a VIP. I would assume, just from using other equipment, that I would just be changing the target of the policy to what was the local IP targeted by the VIP while the interfaces involved stay the same. Did you happen to do another video that addressed how that part works? Lastly, love the videos and the site. You’ve helped more than I can express here!

   Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.