Firewall Virtual IP
Adding NAT firewall policies in transparent mode
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
Figure 238: Example NAT in Transparent mode configuration
To add a source address translation NAT policy in Transparent mode
1 Enter the following command to add two management IPs. The second management IP is the default gateway for the internal network.

    config system settings
        set manageip 10.1.1.99/24 192.168.1.99/24
    end
2 Enter the following command to add an IP pool to the wan1 interface:

    config firewall ippool
        edit nat-out
            set interface "wan1"
            set startip 10.1.1.201
            set endip 10.1.1.201
    end
3 Enter the following command to add an internal to wan1 firewall policy with NAT enabled that also includes an IP pool:

    config firewall policy
        edit 1
            set srcintf "internal"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ANY"
            set nat enable
            set ippool enable
            set poolname nat-out
    end
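The three steps above depend on each other: the policy names a pool, the pool is bound to an interface, and the pool address sits in a management IP subnet. The following Python check is an added example, not part of the guide or of any Fortinet tool; it parses the CLI text offline and reports where those relationships break. It assumes, from the addressing used in this example, that the pool must be bound to the policy's destination interface and lie inside a management IP subnet; `SAMPLE`, `parse` and `check` are hypothetical names.

```python
import ipaddress
import shlex
# Constructed sample: the procedure's commands, abridged to the settings checked here.
SAMPLE = """config system settings
set manageip 10.1.1.99/24 192.168.1.99/24
end
config firewall ippool
edit nat-out
set interface "wan1"
set startip 10.1.1.201
set endip 10.1.1.201
end
config firewall policy
edit 1
set srcintf "internal"
set dstintf "wan1"
set nat enable
set ippool enable
set poolname nat-out
end"""

def parse(text):
    # Returns {(section, entry): {key: [values]}}; blocks without "edit" use entry "".
    cfg, section, entry = {}, None, ""
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section, entry = " ".join(tok[1:]), ""
        elif tok[:1] == ["edit"]:
            entry = tok[1]
        elif tok[:1] == ["set"]:
            cfg.setdefault((section, entry), {})[tok[1]] = tok[2:]
    return cfg

def check(text):
    # Returns a list of problems in firewall policies that enable an IP pool.
    cfg, out = parse(text), []
    mgmt = cfg.get(("system settings", ""), {}).get("manageip", [])
    nets = [ipaddress.ip_interface(m).network for m in mgmt]
    pols = [(e, v) for (s, e), v in cfg.items()
            if s == "firewall policy" and v.get("ippool") == ["enable"]]
    for pid, p in pols:
        if p.get("nat") != ["enable"]:
            out.append(f"policy {pid}: ippool enabled without nat")
        pool = cfg.get(("firewall ippool", p.get("poolname", [""])[0]), {})
        if not pool or pool.get("interface") != p.get("dstintf"):
            out.append(f"policy {pid}: pool undefined or not bound to dstintf")
        for ip in pool.get("startip", []) + pool.get("endip", []):
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                out.append(f"policy {pid}: pool address {ip} outside management subnets")
    return out
```

Calling `check(SAMPLE)` returns an empty list for the configuration in this procedure; each returned string names the policy ID and the relationship that failed.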
[Figure 238 diagram labels: Internet; Router; WAN 1, DMZ and Internal interfaces; Transparent mode management IPs: 10.1.1.99, 192.168.1.99; DMZ network 10.1.1.0/24; Internal network 192.168.1.0/24; a second 10.1.1.0/24 label]