Changing SNAT port partitioning behavior
You can use the following command to control how the FortiGate-6000 or 7000 partitions source NAT (SNAT) source ports among FPCs or FPMs:
config load-balance setting
set nat-source-port {chassis-slots | enabled-slots}
end
chassis-slots
This option statically allocates SNAT source ports to all FPCs or FPMs that are enabled when you enter the command. If you disable an FPC or FPM from the CLI or remove an FPM from its slot, the SNAT source ports assigned to that FPC or FPM will not be re-allocated to the remaining FPCs or FPMs. All FPCs or FPMs that are still operating will maintain the same SNAT source port allocation, and active sessions being processed by the still-operating FPCs or FPMs will not be affected.
You can use the following command to enable or disable an FPC or FPM from the CLI:
config workers
edit <slot>
set status {disable | enable}
end
enabled-slots
This option dynamically re-distributes SNAT source ports to enabled FPCs or enabled and installed FPMs. This is the default behavior and is recommended in most cases.
If an FPC or FPM is disabled or if an FPM is removed from its slot, SLBC dynamically re-allocates SNAT source ports among the remaining enabled FPCs or FPMs. This means that all configured SNAT source ports remain available. If SNAT source ports are re-allocated when the FortiGate-7000 is actively processing traffic, some active sessions may be lost if their source ports are allocated to different FPCs or FPMs.
SNAT source ports are not dynamically reallocated if an FPC or FPM is powered off. To re-allocate SNAT source ports, the FPC or FPM must be disabled from the CLI or the FPM must be physically removed from its slot.
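
The trade-off between the two options can be seen in a small model. This is an added example, not Fortinet code: it assumes the port range is split into equal contiguous blocks per slot, which is a simplification and not the documented SLBC algorithm. The port range 1024-65535, the slot numbers, and the function names are all constructed for illustration.

```python
# Simplified model (an assumption, not the actual SLBC algorithm): the SNAT
# port range is split into near-equal contiguous blocks, one per slot.
PORT_RANGE = range(1024, 65536)  # constructed example range


def partition(ports, slots):
    """Map each port to the slot that owns it."""
    slots = sorted(slots)
    size, extra = divmod(len(ports), len(slots))
    owner, start = {}, 0
    for i, slot in enumerate(slots):
        end = start + size + (1 if i < extra else 0)
        for port in ports[start:end]:
            owner[port] = slot
        start = end
    return owner


def disable_slot(mode, slots, disabled, ports=PORT_RANGE):
    """Return (usable_ports, ports_moved) after one slot is disabled.

    ports_moved counts ports that belonged to a surviving slot before the
    change and belong to a different slot afterwards; sessions using those
    ports are the ones at risk of being lost.
    """
    before = partition(ports, slots)
    survivors = [s for s in slots if s != disabled]
    if mode == "chassis-slots":
        # Static: allocation is frozen, the disabled slot's ports go unused.
        after = {p: s for p, s in before.items() if s != disabled}
    elif mode == "enabled-slots":
        # Dynamic: the full range is re-split among the remaining slots.
        after = partition(ports, survivors)
    else:
        raise ValueError(f"unknown mode: {mode}")
    moved = sum(1 for p, s in before.items()
                if s != disabled and after.get(p) != s)
    return len(after), moved


if __name__ == "__main__":
    for mode in ("chassis-slots", "enabled-slots"):
        usable, moved = disable_slot(mode, [1, 2, 3, 4], disabled=3)
        print(f"{mode}: usable ports={usable}, ports moved={moved}")
```

In this model, chassis-slots leaves a quarter of the ports unused but moves none, while enabled-slots keeps every port usable at the cost of moving some ports between surviving slots.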