Configuring 1-to-1 NAT
Use 1-to-1 NAT when you want to publish public ("external") IP addresses for FortiADC resources while keeping communication among servers on the internal network on a private ("internal") IP address range.
Figure 64 illustrates 1-to-1 NAT. The NAT configuration assigns both external and internal (or “mapped”) IP addresses to Interface 1. Traffic from the external side of the connection (such as client traffic) uses the external IP address and port. Traffic on the internal side (such as the virtual server communication with real servers) uses the mapped IP address and port.
The system maintains this NAT table and performs the inverse mapping when it sends traffic from the internal side to the external side.
Figure 64:  One-to-One NAT
Before you begin:
- You must know the IP addresses your organization has provisioned for your NAT design.
- You must have Read-Write permission for System settings.
To configure one-to-one NAT:
1. Go to Networking > NAT.
2. Click the 1-to-1 NAT tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 86.
5. Save the configuration.
6. Reorder rules, as necessary.
Table 86: 1-to-1 NAT configuration

| Settings | Guidelines |
|---|---|
| Name | Unique name. No spaces or special characters. After you initially save the configuration, you cannot edit the name. |
| External Interface | Interface that receives traffic. |
| External Address Range | Specify the first address in the range. The last address is calculated after you enter the mapped IP range. |
| Mapped Address Range | Specify the first and last addresses in the range. |
| Port Forwarding | Select to enable. |
| Protocol | TCP, UDP |
| External Port Range | Specify the first port number in the range. The last port number is calculated after you enter the mapped port range. |
| Mapped Port Range | Specify the first and last port numbers in the range. |

Reordering
After you have saved a rule, reorder rules as necessary. The rules table is consulted from top to bottom. The first rule that matches is applied and subsequent rules are not evaluated.
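
The following Python sketch is an added example, not FortiADC code. It models address-only rules (port forwarding disabled) to show how the external range end follows from the mapped range and how first-match ordering can leave a later rule unreachable. It assumes the external range has the same length as the mapped range and that the nth external address maps to the nth mapped address; the rule names, the interface name and the addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Assumptions: external range length == mapped range length; nth external -> nth mapped.
@dataclass(frozen=True)
class Rule:
    name: str
    interface: str
    external_first: str  # only the first external address is entered
    mapped_first: str
    mapped_last: str

    def _ints(self):
        ext, lo, hi = (int(ipaddress.IPv4Address(a)) for a in
                       (self.external_first, self.mapped_first, self.mapped_last))
        if hi < lo:
            raise ValueError(f"{self.name}: mapped range is reversed")
        return ext, lo, hi

    def external_last(self):
        # Last external address implied by the size of the mapped range.
        ext, lo, hi = self._ints()
        return str(ipaddress.IPv4Address(ext + (hi - lo)))

    def translate(self, interface, dst):
        # Mapped address for an external destination, or None if no match.
        ext, lo, hi = self._ints()
        off = int(ipaddress.IPv4Address(dst)) - ext
        if interface != self.interface or not 0 <= off <= hi - lo:
            return None
        return str(ipaddress.IPv4Address(lo + off))

def first_match(rules, interface, dst):
    # Top-to-bottom evaluation: the first matching rule wins.
    hits = ((r.name, r.translate(interface, dst)) for r in rules)
    return next((h for h in hits if h[1] is not None), None)

def shadowed(rules):
    # Rules whose whole external range is claimed by a single earlier rule.
    return [r.name for i, r in enumerate(rules)
            if any(e.translate(r.interface, r.external_first)
                   and e.translate(r.interface, r.external_last())
                   for e in rules[:i])]

# Constructed sample rules (documentation address ranges, hypothetical names).
RULES = [
    Rule("web-pool", "port1", "203.0.113.10", "10.0.0.10", "10.0.0.19"),
    Rule("admin-host", "port1", "203.0.113.15", "10.0.9.5", "10.0.9.5"),
    Rule("mail-pool", "port1", "203.0.113.40", "10.0.1.1", "10.0.1.4"),
]
```

With these sample rules, `shadowed(RULES)` reports `admin-host`, because `web-pool` already covers 203.0.113.15; moving `admin-host` above `web-pool` makes it reachable.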