Central Source NAT and Destination NAT

What are the differences between central SNAT and DNAT and the policy based regular NAT that a lot of people use?

This entry was posted in FortiGate, Fortinet GURU, FortinetGURU Videos, How To, Questions on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

2 thoughts on “Central Source NAT and Destination NAT

  1. Jsmith

    Is there a way to do central snat and dnat in the same flow ?

    When packet is received by Fortigate interface source and destination is as follows;
    original IPs S:10.2.3.1 D:11.2.3.1

    when packet leaves Fortigate, source and destination IP addresses for the same flow should be ;
    translated IPs; S:12.2.3.1 D: 13.2.3.1

    Reply
  2. Scott

    So, I understand Central SNAT and DNAT thankfully from times long past, but what I have trouble finding is decent information on how exactly policies should work under Central Snat. As an example, previously I targeted a VIP. I would assume, just from using other equipment, that I would just be changing the target of the policy to what was the local IP targeted by the VIP while the interfaces involved stay the same. Did you happen to do another video that addressed how that part works? Lastly, love the videos and the site. You’ve helped more than I can express here!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.