Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gianlucats
New Contributor III

Created on ‎07-29-2024 03:07 AM Edited on ‎07-29-2024 05:41 AM

Nat on FortiGate 60F

Hi

I tried several times reading about how NAT works in Fortigate, but it doesnt work.

FortiGate 60F, firmware 7.2.8 build 1693.

I found many guides using "IPv4 policy", but this is not present in my "Policy & Objects" menu, I think maybe different firmware.

So I create Virtual IPs I need, then I create firewall policies from wan to virtual ip.

But it doesn'n works, i presume i made something wrong o I didn't do at all something that is necessary.

I am new in FortiGate, coming from other manifacturer products, any help is welcome.

 

Edit: I add some informations may help:

System is in NAT mode.

Gateway is a modem/router Fritz, and Fortigate is in DMZ on it.

Activating https admin on wan interface, it is reachable from internet.

 

 

1.PNG2.PNG3.PNG

 

Labels:
536
0 Kudos
1 Solution
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎07-29-2024 06:07 AM

In your firewall rule you should disable NAT.

AEK

View solution in original post

AEK
473
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎07-29-2024 03:20 AM

Hi

In your VIP, try put the actual WAN IP instead of 0.0.0.0.

AEK
AEK
527
gianlucats
New Contributor III
In response to AEK

Created on ‎07-29-2024 04:07 AM

Thank you.

Tryed

Doesn't work.

514
0 Kudos
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎07-29-2024 06:07 AM

In your firewall rule you should disable NAT.

AEK
AEK
474
gianlucats
New Contributor III
In response to AEK

Created on ‎07-29-2024 06:54 AM Edited on ‎07-29-2024 06:56 AM

 

This way do you mean?

It's still not working (for test I redirect port 13389 on 3389 of a pc whith RD active)

I see a little increase of traffic in the column "bytes"

 

5.PNG

467
0 Kudos
AEK
SuperUser
SuperUser
In response to AEK

Created on ‎07-29-2024 07:14 AM

Yes I mean this way. You don't need to do SNAT when you do DNAT as you your client will not know the real source address.

The config seems ok. Can you share the related traffic log?

Also the below command output while you try access from outside:

diag sniffer packet any "host x.x.x.x" 4

Where x.x.x.x is the client IP on the WAN.

AEK
AEK
459
gianlucats
New Contributor III
In response to AEK

Created on ‎07-30-2024 12:46 AM

Hi

Thank you for your accurate answers.

I am a little confused now: i just put anything as it was from beginning, to restart from a known situation. Well everyting seems to work fine! With or withoun NAT enabled. 

It is god, but i have not undertood which problem it was anfd I have two more devices to put in production.

It a great thing having such a forum to count on, anywhay.

Thank you a lot

369
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.