Fortinet black logo

FortiGate-7000 Release Notes

Home FortiGate-7000 6.4.8 FortiGate-7000 Release Notes

Changing SNAT port partitioning behavior

6.4.8
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.6.6
5.4.9
5.4.5
5.4.3
Copy Link
Copy Doc ID 7bdf933f-9039-11ec-9fd1-fa163e15d75b:81276
Download PDF

Changing SNAT port partitioning behavior

You can use the following command to control how the FortiGate-6000 or 7000 partitions source NAT (SNAT) source ports among FPCs or FPMs:

config load-balance setting

set nat-source-port {chassis-slots | enabled-slots}

end

chassis-slots this option statically allocates SNAT source ports to all FPCs or FPMs that are enabled when you enter the command. If you disable an FPC or FPM from the CLI or remove an FPM from its slot, the SNAT source ports assigned to that FPC or FPM will not be re-allocated to the remaining FPCs or FPMs. All FPCs or FPMs that are still operating will maintain the same SNAT source port allocation and active sessions being processed by the still operating FPCs or FPMs will not be affected.

Note

You can use the following command to enable or disable an FPC or FPM from the CLI:

config workers

edit <slot>

set status {disable | enable}

end

enabled-slots this option dynamically re-distributes SNAT source ports to enabled FPCs or enabled and installed FPMs. This is the default behavior and is recommended in most cases.

If an FPC or FPM is disabled or if an FPM is removed from its slot, SLBC dynamically re-allocates SNAT source ports among the remaining enabled FPCs or FPMs. This means that all configured SNAT source ports remain available. If SNAT source ports are re-allocated when the FortiGate-7000 is actively processing traffic, some active sessions may be lost if their source ports are allocated to different FPCs or FPMs.

Note

SNAT source ports are not dynamically reallocated if an FPC or FPM is powered off. To re-allocate SNAT source ports, the FPC or FPM must be disabled from the CLI or the FPM must be physically removed from its slot.
Previous
Next

Changing SNAT port partitioning behavior

You can use the following command to control how the FortiGate-6000 or 7000 partitions source NAT (SNAT) source ports among FPCs or FPMs:

config load-balance setting

set nat-source-port {chassis-slots | enabled-slots}

end

chassis-slots this option statically allocates SNAT source ports to all FPCs or FPMs that are enabled when you enter the command. If you disable an FPC or FPM from the CLI or remove an FPM from its slot, the SNAT source ports assigned to that FPC or FPM will not be re-allocated to the remaining FPCs or FPMs. All FPCs or FPMs that are still operating will maintain the same SNAT source port allocation and active sessions being processed by the still operating FPCs or FPMs will not be affected.

Note

You can use the following command to enable or disable an FPC or FPM from the CLI:

config workers

edit <slot>

set status {disable | enable}

end

enabled-slots this option dynamically re-distributes SNAT source ports to enabled FPCs or enabled and installed FPMs. This is the default behavior and is recommended in most cases.

If an FPC or FPM is disabled or if an FPM is removed from its slot, SLBC dynamically re-allocates SNAT source ports among the remaining enabled FPCs or FPMs. This means that all configured SNAT source ports remain available. If SNAT source ports are re-allocated when the FortiGate-7000 is actively processing traffic, some active sessions may be lost if their source ports are allocated to different FPCs or FPMs.

Note

SNAT source ports are not dynamically reallocated if an FPC or FPM is powered off. To re-allocate SNAT source ports, the FPC or FPM must be disabled from the CLI or the FPM must be physically removed from its slot.
Previous
Next