Central SNAT Lab:
Basic Configuration of Devices
PC1:
    address 192.168.1.1
    netmask 255.255.255.0
    gateway 192.168.1.100
    up echo nameserver 8.8.8.8 > /etc/resolv.conf
PC2:
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.1.100
    up echo nameserver 8.8.8.8 > /etc/resolv.conf
PC3:
    address 192.168.1.3
    netmask 255.255.255.0
    gateway 192.168.1.100
    up echo nameserver 8.8.8.8 > /etc/resolv.conf
Server:
    address 192.168.1.4
    netmask 255.255.255.0
    gateway 192.168.1.100
    up echo nameserver 8.8.8.8 > /etc/resolv.conf
RemoteServer:
    address 192.168.122.120
    netmask 255.255.255.0
    gateway 192.168.122.100
    up echo nameserver 8.8.8.8 > /etc/resolv.conf
RemotePC:
    address 192.168.122.110
    netmask 255.255.255.0
    gateway 192.168.122.100
    up echo nameserver 8.8.8.8 > /etc/resolv.conf
1 | P a g e Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile: 056 430 3717
To log in to the FortiGate firewall, type http://192.168.122.100 in any browser.
Configure Interfaces:
Go to Network > Interfaces, select port1 and click Edit. In Alias type WAN, change the Address
Mode to Manual and type the IP/Netmask 192.168.122.100/24. In Administrative access, leave all
the rest of the configuration at default and press the OK button.
Go to Network > Interfaces, select port2 and click Edit. In Alias type LAN, change the Address
Mode to Manual and type the IP/Netmask 192.168.1.100/24. In Administrative access, check only
PING, leave all the rest of the configuration at default and press OK.
DNS Configuration:
Go to Network > DNS, click Specify and enter the primary and secondary DNS servers. In Primary
DNS Server, type the IP address of the primary DNS server, 8.8.8.8. In Secondary DNS Server,
type the IP address of the secondary DNS server, 8.8.4.4. Click the Apply button to save the changes.
Default Route Configuration:
To create a new default route, go to Network > Static Routes and create a static route for the ISP.
Set Destination to Subnet and leave the destination IP address set to 0.0.0.0/0.0.0.0. Set
Gateway to the IP address provided by your ISP; in my case it is 192.168.122.2, which is my VM8
VMware Workstation gateway. Set Interface to the Internet-facing interface, which here is the
WAN interface. Press OK to save the changes.
Go to System > Setting, go to System Operation Settings, click to enable Central SNAT and click OK.
To create a Central SNAT policy, go to Policy & Objects > Central SNAT and click Create New.
Go to Policy & Objects > Central SNAT and click Create New, as shown below.
Protocol    Description
Any         Use any protocol traffic.
TCP         Use TCP traffic only. Protocol number is set to 6.
UDP         Use UDP traffic only. Protocol number is set to 17.
SCTP        Use SCTP traffic only. Protocol number is set to 132.
Specify     Can specify the traffic filter protocol by setting the protocol number.
When you go to Policy & Objects > IPv4 Policy, there is no longer a NAT option, as shown below.
Verification & Testing:
When clients in the internal network need to access servers in the external network, we need to
translate their IP addresses from 192.168.1.0/24 to the IP address 192.168.122.100. For packets
that match this policy, the source IP address is translated to the IP address of the outgoing interface.
Let's visit and ping RemoteServer 192.168.122.10 from all three PCs (PC1, PC2 and PC3).
Then go to FortiView > All Session to see the source NAT address translation.
You can also verify this with the CLI command get system session list
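
The CLI check above can be automated. The following is an added example, not part of the original lab: it parses saved output of get system session list and reports any session from the LAN subnet to an outside destination that was not translated to the WAN address. The six-column layout and the sample rows are assumptions constructed for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")      # port2 (LAN) subnet from the lab
WAN_IP = ipaddress.ip_address("192.168.122.100")  # port1 (WAN) address from the lab

# Constructed sample. Assumed column layout of `get system session list`:
# PROTO EXPIRE SOURCE SOURCE-NAT DESTINATION DESTINATION-NAT
SAMPLE = """\
PROTO  EXPIRE SOURCE                SOURCE-NAT             DESTINATION        DESTINATION-NAT
icmp   58     192.168.1.1:1         192.168.122.100:60417  192.168.122.10:8   -
tcp    3592   192.168.1.2:49812     192.168.122.100:49812  192.168.122.10:80  -
tcp    3570   192.168.1.3:50122     -                      192.168.122.10:80  -
udp    170    192.168.122.100:1044  -                      8.8.8.8:53         -
"""

def parse_sessions(text):
    """Yield one dict per session row, skipping the header and malformed lines."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 6 or cols[0] == "PROTO":
            continue
        proto, _expire, src, snat, dst, dnat = cols
        yield {"proto": proto, "src": src, "snat": snat, "dst": dst, "dnat": dnat}

def host(endpoint):
    """Return the address part of an IPv4 'addr:port' column value."""
    return ipaddress.ip_address(endpoint.rsplit(":", 1)[0])

def snat_violations(text):
    """Return LAN-to-outside sessions whose source was not translated to WAN_IP."""
    bad = []
    for s in parse_sessions(text):
        if host(s["src"]) not in LAN or host(s["dst"]) in LAN:
            continue  # only traffic leaving the LAN should match the SNAT policy
        if s["snat"] == "-" or host(s["snat"]) != WAN_IP:
            bad.append(s)
    return bad

if __name__ == "__main__":
    for s in snat_violations(SAMPLE):
        print("not translated:", s["proto"], s["src"], "->", s["dst"], "snat =", s["snat"])
```

An empty result means every LAN session in the capture left the firewall with 192.168.122.100 as its source address.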