CLI Reference

config load-balance ippool

Use this command to configure a NAT IP address range pool to be used in a Layer 4 virtual server deployment.

In a Layer 4 virtual server configuration, you select a “packet forwarding method” that includes the following network address translation (NAT) options:

  • Direct Routing—Does not rewrite source or destination IP addresses.
  • DNAT—Rewrites the destination IP address for packets before it forwards them.
  • Full NAT—Rewrites both the source and destination IP addresses. Use for standard NAT, when client and server IP addresses are all IPv4 or all IPv6.
  • NAT46—Rewrites both the source and destination IP addresses. Use for NAT 46, when client IP addresses are IPv4 and server IP addresses are IPv6.
  • NAT64—Rewrites both the source and destination IP addresses. Use for NAT 64, when client IP addresses are IPv6 and server IP addresses are IPv4.

In a Layer 7 virtual server configuration, you do not select a packet forwarding option. Layer 7 virtual servers use NAT46 and NAT64 to support those traffic flows, but they do not use the Source Pool configuration.

See the FortiADC Handbook for example usage.

Before you begin:
  • You must have a good understanding of NAT. You must know the address ranges your network has provisioned for NAT.
  • Be sure to configure the backend servers to use the FortiADC address as the default gateway so that server responses are also rewritten by the NAT module.
  • You must have read-write permission for load balancing settings.

After you have configured a source pool IP address range configuration object, you can select it in the virtual server configuration. You can assign multiple source pools to a virtual server; the pools can use the same source pool interface or different ones.

There are no validation checks for duplicate addresses in the NAT source pool for HA synchronization, SNAT, 1-to-1 NAT, and VIP, as the ha-mgmt-ip is not synchronized between the HA nodes. For these configurations, ensure the starting and ending IPs in the address range of the NAT source pool are not duplicates.

Syntax

    config load-balance ippool
      edit <No.>
        set interface <datasource>
        set addr-type {ipv4|ipv6}
        set ip-min <class_ip>
        set ip-max <class_ip>
        config node-member
          edit <name>
            set ha-node <integer>
            set interface <datasource>
            set addr-type {ipv4|ipv6}
            set ip-min <class_ip>
            set ip-max <class_ip>
          next
        end
      next
    end

interface

Interface to receive responses from the backend server. The interface used for the initial client traffic is determined by the virtual server configuration.

addr-type

IPv4 or IPv6

ip-min

The first address in the address pool.

ip-max

The last address in the address pool.

config node-member

<name>

Create a node member list to be used in an HA active-active deployment when the node interfaces have multiple IP addresses.

Name is a configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference this name in the virtual server configuration.

Note: After you initially save the configuration, you cannot edit the name.

ha-node

Specify the HA cluster node ID.

interface

Interface to receive responses from the backend server. The interface used for the initial client traffic is determined by the virtual server configuration.

addr-type

IPv4 or IPv6

ip-min

The first address in the address pool.

ip-max

The last address in the address pool.
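Because the CLI does not validate source pool ranges for duplicate addresses, an offline check of the configuration text is useful before applying it. The following Python script is an added example, not part of the FortiADC documentation: it parses a configuration written in the syntax on this page and reports every pair of ranges that share addresses. The interface name, member name, and addresses in the sample are constructed, and treating every ip-min/ip-max pair (pool or node member) as an independent range is an assumption of this example.

```python
import ipaddress
from itertools import combinations

# Constructed sample in this page's syntax; names and addresses are made up.
SAMPLE = """
config load-balance ippool
  edit 1
    set interface port2
    set addr-type ipv4
    set ip-min 10.0.2.10
    set ip-max 10.0.2.20
    config node-member
      edit node1-pool
        set ha-node 1
        set ip-min 10.0.2.30
        set ip-max 10.0.2.40
      next
    end
  next
  edit 2
    set interface port2
    set ip-min 10.0.2.35
    set ip-max 10.0.2.50
  next
end
"""

def parse_ranges(text):
    """Return [(label, first, last)] for each edit block that sets ip-min and ip-max."""
    ranges, stack = [], []
    for tok in (line.split() for line in text.splitlines()):
        if tok[:1] == ["edit"]:
            stack.append((tok[1], {}))          # open a pool or node-member entry
        elif tok[:1] == ["set"] and tok[1] in ("ip-min", "ip-max"):
            stack[-1][1][tok[1]] = ipaddress.ip_address(tok[2])
        elif tok[:1] == ["next"]:
            name, cur = stack.pop()             # close the entry and record its range
            label = "/".join([n for n, _ in stack] + [name])
            if len(cur) == 2:
                ranges.append((label, cur["ip-min"], cur["ip-max"]))
    return ranges

def find_overlaps(ranges):
    """Return (label_a, label_b, shared_span) for every pair of same-family ranges that intersect."""
    return [(a, b, f"{max(a_lo, b_lo)}-{min(a_hi, b_hi)}")
            for (a, a_lo, a_hi), (b, b_lo, b_hi) in combinations(ranges, 2)
            if a_lo.version == b_lo.version and a_lo <= b_hi and b_lo <= a_hi]

print(find_overlaps(parse_ranges(SAMPLE)))
```

Whether a reported overlap is intentional is for the operator to decide; the script only surfaces what the CLI does not check.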
