config firewall nat-snat
Use this command to configure source NAT (SNAT) rules.
Use SNAT when clients have IP addresses from private networks. It ensures that you do not have multiple sessions from different clients with the same source IP address, for example 192.168.1.1. Alternatively, you can map all client traffic to a single source IP address, because a source address from a private network is not meaningful to the FortiADC system or backend servers.
The system maintains a NAT table and performs the inverse translation when it receives server-to-client traffic. Be sure to configure the backend servers to use the FortiADC address as the default gateway so that server responses are also rewritten by the NAT module.
Note: This SNAT feature is not supported for traffic to virtual servers. Use the virtual server SNAT feature instead.
Before you begin:
You must have read-write permission for firewall settings.
Syntax
config firewall nat-snat
  edit <name>
    set from <ip&netmask>
    set out-interface <datasource>
    set to <ip&netmask>
    set trans-to-type {ip | pool}
    set trans-to-ip <class_ip>
    set trans-to-ip-start <class_ip>
    set trans-to-ip-end <class_ip>
  next
end
from
Address/mask notation to match the source IP address in the packet header. 0.0.0.0/0 matches all IP addresses.
out-interface
Interface that forwards traffic.
to
Address/mask notation to match the destination IP address in the packet header. For example, 192.0.2.0/24.
trans-to-type
ip: Translate the source IP address to a single specified address.
pool: Translate the source IP address to the next address in a pool.
trans-to-ip
Specify an IPv4 address. The source IP address in the packet header will be translated to this address.
trans-to-ip-start
First IP address in the SNAT pool.
trans-to-ip-end
Last IP address in the SNAT pool.
Example
FortiADC-VM # config firewall nat-snat
FortiADC-VM (nat-snat) # edit fw-snat-example
Add new entry 'fw-snat-example' for node 1941
 
FortiADC-VM (fw-snat-example) # get
from : 0.0.0.0/0
to : 0.0.0.0/0
out-interface :
trans-to-type : ip
trans-to-ip : 0.0.0.0
 
FortiADC-VM (fw-snat-example) # set to 192.0.2.0/24
FortiADC-VM (fw-snat-example) # set out-interface port5
FortiADC-VM (fw-snat-example) # set trans-to-ip 192.0.2.10
 
FortiADC-VM (fw-snat-example) # get
from : 0.0.0.0/0
to : 192.0.2.0/24
out-interface : port5
trans-to-type : ip
trans-to-ip : 192.0.2.10
 
FortiADC-VM (fw-snat-example) # end
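
The rule matching and inverse translation described above, as a simplified Python model added here for illustration; it is not FortiADC code. First-match rule order, round-robin pool selection and the port handling on a clash are assumptions, and the second rule's addresses are constructed.

```python
import ipaddress
from itertools import cycle

class SnatRule:
    """Model of one nat-snat entry: match on from/to, translate to an IP or a pool."""
    def __init__(self, from_net, to_net, ip=None, start=None, end=None):
        self.from_net = ipaddress.ip_network(from_net)
        self.to_net = ipaddress.ip_network(to_net)
        if ip is not None:                       # trans-to-type ip
            addrs = [ipaddress.ip_address(ip)]
        else:                                    # trans-to-type pool
            lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
            if hi < lo:
                raise ValueError("trans-to-ip-end is below trans-to-ip-start")
            addrs = [ipaddress.ip_address(n) for n in range(lo, hi + 1)]
        self.next_addr = cycle(addrs)            # assumption: pool is used round-robin

    def matches(self, src, dst):
        return (ipaddress.ip_address(src) in self.from_net
                and ipaddress.ip_address(dst) in self.to_net)

class SnatTable:
    """NAT table that remembers each translation so replies can be reversed."""
    def __init__(self, rules):
        self.rules = rules
        self.sessions = {}   # (translated ip, translated port, server ip, server port) -> client

    def outbound(self, src, sport, dst, dport):
        for rule in self.rules:                  # assumption: first matching rule wins
            if rule.matches(src, dst):
                new_ip, new_port = str(next(rule.next_addr)), sport
                # Assumption: on a clash with another client's session, pick the next port.
                while self.sessions.get((new_ip, new_port, dst, dport), (src, sport)) != (src, sport):
                    new_port = new_port % 65535 + 1
                self.sessions[(new_ip, new_port, dst, dport)] = (src, sport)
                return new_ip, new_port
        return src, sport                        # no rule matched: source left unchanged

    def inbound(self, server, server_port, dst, dport):
        """Reverse lookup for a server reply; None if no session was recorded."""
        return self.sessions.get((dst, dport, server, server_port))

# Constructed sample rules: the page's single-IP example and a hypothetical pool rule.
single = SnatRule("0.0.0.0/0", "192.0.2.0/24", ip="192.0.2.10")
pool = SnatRule("192.168.1.0/24", "198.51.100.0/24", start="198.51.100.20", end="198.51.100.21")
```

Because every client behind a single-IP rule appears to the servers as 192.0.2.10, only the table kept by the translating device can tie a server-side connection back to the original client.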