Configuring 1-to-1 NAT
You can use 1-to-1 NAT when you want to publish public or “external” IP addresses for FortiADC resources but want the communication among servers on the internal network to be on a private or “internal” IP address range.
Figure 88 illustrates 1-to-1 NAT. The NAT configuration assigns both external and internal (or “mapped”) IP addresses to Interface 1. Traffic from the external side of the connection (such as client traffic) uses the external IP address and port. Traffic on the internal side (such as the virtual server communication with real servers) uses the mapped IP address and port.
1-to-1 NAT is supported for traffic to virtual servers. The address translation occurs before the ADC has processed its rules, so FortiADC server load balancing policies that match source address (such as content routing and content rewriting rules) should be based on the mapped address space.
The system maintains this NAT table and performs the inverse mapping when it sends traffic from the internal side to the external side.
Figure 88: One-to-One NAT
Before you begin:
You must know the IP addresses your organization has provisioned for your NAT design.
You must have Read-Write permission for System settings.
To configure one-to-one NAT:
1. Go to Networking > NAT.
2. Click the 1-to-1 NAT tab.
3. Click Add to display the configuration editor.
4. Complete the configuration as described in Table 120.
5. Save the configuration.
6. Reorder rules, as necessary.
Table 120: 1-to-1 NAT configuration
Name: Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
External Interface: Interface that receives traffic.
External Address Range: Specify the first address in the range. The last address is calculated after you enter the mapped IP range.
Mapped Address Range: Specify the first and last addresses in the range.
Port Forwarding: Select to enable.
External Port Range: Specify the first port number in the range. The last port number is calculated after you enter the mapped port range.
Mapped Port Range: Specify the first and last port numbers in the range.
After you have saved a rule, reorder rules as necessary. The rules table is consulted from top to bottom. The first rule that matches is applied and subsequent rules are not evaluated.
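The following Python sketch is an added example, not FortiADC code. It models the table semantics described above so a rule set can be checked before it is saved: how the last external address and port follow from the mapped ranges, how first-match ordering picks a rule, and which rules can never match because an earlier rule covers them. The rule names, the sample addresses, the offset-preserving pairing of addresses, and the treatment of a rule without port forwarding as matching every port are assumptions.

```python
import ipaddress
from dataclasses import dataclass

def _n(addr):
    return int(ipaddress.ip_address(addr))

@dataclass
class Rule:
    name: str
    ext_first: str            # External Address Range: first address only
    map_first: str            # Mapped Address Range: first address
    map_last: str             # Mapped Address Range: last address
    ext_port_first: int = 0   # 0 means Port Forwarding is not enabled
    map_port_first: int = 0
    map_port_last: int = 0

    def spans(self):
        """Inclusive external (address span, port span); last values are derived."""
        size = _n(self.map_last) - _n(self.map_first)
        psize = self.map_port_last - self.map_port_first
        if size < 0 or psize < 0:
            raise ValueError(f"{self.name}: last value precedes first")
        addrs = (_n(self.ext_first), _n(self.ext_first) + size)
        if not self.ext_port_first:
            return addrs, (0, 65535)  # assumption: rule applies to every port
        return addrs, (self.ext_port_first, self.ext_port_first + psize)

    def ext_last(self):
        return str(ipaddress.ip_address(self.spans()[0][1]))

def to_mapped(rules, addr, port):
    """Apply the first matching rule, top to bottom; later rules are not evaluated."""
    for r in rules:
        (a0, a1), (p0, p1) = r.spans()
        if a0 <= _n(addr) <= a1 and p0 <= port <= p1:
            # assumption: the n-th external address pairs with the n-th mapped address
            ip = ipaddress.ip_address(_n(addr) - a0 + _n(r.map_first))
            fwd = port - p0 + r.map_port_first if r.ext_port_first else port
            return r.name, str(ip), fwd
    return None

def shadowed(rules):
    """Names of rules whose whole external span sits inside one earlier rule."""
    def inside(x, y):  # every (lo, hi) span of x lies within the matching span of y
        return all(b0 <= a0 and a1 <= b1 for (a0, a1), (b0, b1) in zip(x.spans(), y.spans()))
    return [r.name for j, r in enumerate(rules) if any(inside(r, e) for e in rules[:j])]

# Constructed sample rules using documentation address ranges (not from the page)
RULES = [Rule("web-pool", "203.0.113.10", "10.0.0.10", "10.0.0.19"),
         Rule("web-alt", "203.0.113.12", "10.0.1.1", "10.0.1.4", 8080, 80, 89)]
```

With the sample order, "web-alt" is reported as shadowed; moving it above "web-pool" makes both rules reachable.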