FortiGate – NAT Policies


NAT policies allow translation of port addresses on your external IP to individual internal addresses, which greatly expands the functionality of a single address. They also allow you to define how the FortiGate routes packets between your subnets, so that you can establish DMZs and specific packet routing policies. NAT policies are different from Firewall policies in that they do not ACCEPT or DENY a packet or service; they only facilitate traffic between interfaces.

To create a new policy, go to Policy & Objects > IPv4 Policy. Give the policy a Name that indicates that the policy will be for traffic to the Internet (in the example, Internet).

Set the Incoming Interface to lan (or your Internal interface) and the Outgoing Interface to wan1 (or your External interface). Set Source, Destination Address, Schedule, and Services, as required. Ensure the Action is set to ACCEPT. Turn on NAT and select Use Outgoing Interface Address.

Scroll down to view the Logging Options. To view the results later, enable Log Allowed Traffic and select All Sessions.
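The check below is an added example, not part of the original page or Fortinet's tooling: it parses a FortiOS CLI policy export and lists ACCEPT policies that have NAT enabled but do not log all sessions. The sample configuration is constructed, and it assumes the CLI keys `nat` and `logtraffic` correspond to the NAT toggle and the Log Allowed Traffic setting described above; the function names are hypothetical.

```python
import re

# Constructed sample in FortiOS CLI export style (not from the page). Policy 1
# mirrors the steps above; policy 2 (trimmed) has NAT on but no logtraffic line.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set name "Internet"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
    edit 2
        set name "Guest-Internet"
        set srcintf "guest"
        set dstintf "wan1"
        set action accept
        set nat enable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {key: value}} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for line in (l.strip() for l in text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and (m := re.fullmatch(r"edit (\d+)", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif in_block and line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).replace('"', "")
    return policies

def nat_without_full_logging(policies):
    """IDs of ACCEPT policies with NAT enabled whose logtraffic is not 'all'."""
    return sorted(pid for pid, p in policies.items()
                  if p.get("action") == "accept" and p.get("nat") == "enable"
                  and p.get("logtraffic") != "all")
```

A policy with no `logtraffic` line is reported as well, since the check only accepts an explicit `all`.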