FortiGate-6000 Handbook

Controlling SNAT port partitioning behavior

You can use the following command to control how the FortiGate-6000 partitions source NAT (SNAT) source ports among FPCs:

config load-balance setting
    set nat-source-port {chassis-slots | enabled-slots}
end

chassis-slots: this option statically allocates SNAT source ports to all FPCs that are enabled when you enter the command. If you disable an FPC from the CLI, the SNAT source ports assigned to that FPC are not re-allocated to the remaining FPCs. All FPCs that are still operating keep the same SNAT source port allocation, and active sessions being processed by the still-operating FPCs are not affected.

Note

You can use the following command to enable or disable an FPC from the CLI:

config workers
    edit <slot>
        set status {disable | enable}
end

enabled-slots: this option dynamically re-distributes SNAT source ports to enabled FPCs. This is the default behavior and is recommended in most cases.

If an FPC is disabled, SLBC dynamically re-allocates SNAT source ports among the remaining enabled FPCs. This means that all configured SNAT source ports remain available. If SNAT source ports are re-allocated when the FortiGate-6000 is actively processing traffic, some active sessions may be lost if their source ports are allocated to different FPCs.

Note

SNAT source ports are not dynamically reallocated if an FPC is powered off. To re-allocate SNAT source ports, the FPC must be disabled from the CLI.
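
The trade-off between the two options can be seen in a small model. This is an added example, not Fortinet code: it assumes the port range is split into equal contiguous blocks per FPC (the actual SLBC partitioning algorithm is not described on this page), and the port range, slot numbers and sessions are constructed sample values.

```python
# Added illustration, not Fortinet code. ASSUMPTION: ports are split into
# equal contiguous blocks per FPC; the real SLBC algorithm is not documented here.
PORT_LO, PORT_HI = 1024, 65535      # constructed sample SNAT port range
SLOTS = [1, 2, 3, 4, 5, 6]          # constructed: six enabled FPC slots
# Constructed active sessions as (owning FPC slot, SNAT source port).
SESSIONS = [(1, 2000), (2, 12000), (2, 20000), (3, 25000),
            (4, 35000), (4, 43000), (5, 45000), (6, 55000)]

def partition(slots, lo=PORT_LO, hi=PORT_HI):
    """Split [lo, hi] into one contiguous block per slot."""
    base, extra = divmod(hi - lo + 1, len(slots))
    alloc, start = {}, lo
    for i, slot in enumerate(sorted(slots)):
        size = base + (1 if i < extra else 0)
        alloc[slot] = range(start, start + size)
        start += size
    return alloc

def after_disable(slots, disabled, mode):
    """Allocation once `disabled` has been disabled from the CLI."""
    if mode == "chassis-slots":
        # Static: survivors keep their blocks; the disabled block stays unused.
        return {s: b for s, b in partition(slots).items() if s != disabled}
    if mode == "enabled-slots":
        # Dynamic: the whole range is re-divided among the remaining FPCs.
        return partition([s for s in slots if s != disabled])
    raise ValueError(f"unknown nat-source-port mode: {mode}")

def impact(slots, disabled, mode, sessions):
    """Return (usable port count, sessions on surviving FPCs whose port moved)."""
    alloc = after_disable(slots, disabled, mode)
    usable = sum(len(block) for block in alloc.values())
    moved = [(s, p) for s, p in sessions
             if s != disabled and p not in alloc[s]]
    return usable, moved

if __name__ == "__main__":
    for mode in ("chassis-slots", "enabled-slots"):
        usable, moved = impact(SLOTS, 3, mode, SESSIONS)
        print(f"{mode}: {usable} ports usable, sessions disrupted: {moved}")
```

Sessions that were on the disabled FPC itself are left out of the disrupted list, since they end in either mode. In this model chassis-slots gives up one FPC's share of ports but leaves the other FPCs untouched, while enabled-slots keeps every port usable at the cost of sessions whose port now belongs to a different FPC.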
