FortiGate-7000 Release Notes

Changing SNAT port partitioning behavior

You can use the following new command to control how the FortiGate-6000 or 7000 partitions source NAT (SNAT) source ports among FPCs or FPMs:

config load-balance setting
    set nat-source-port {chassis-slots | enabled-slots}
end

chassis-slots: this new option statically allocates SNAT source ports to all FPCs or FPMs. The source port distribution is not affected by whether or not an FPC or FPM goes down, is disabled, or is taken offline for maintenance or some other purpose.

If an FPC or FPM goes down, is disabled, or is taken offline, the SNAT source ports assigned to that FPC or FPM will not be re-allocated to the FPCs or FPMs that are still operating. Fewer source ports will be available, but all FPCs or FPMs that are still operating will maintain the same SNAT source port allocation and active sessions being processed by the still operating FPCs or FPMs will not be affected.

enabled-slots: SNAT source port partitioning dynamically distributes SNAT source ports to operating FPCs or FPMs. This is the default behavior and is recommended in most cases. This is also how SNAT source port allocation was handled in previous releases.

If an FPC or FPM goes down, is disabled, or is taken offline for maintenance or some other purpose, SLBC dynamically re-allocates SNAT source ports among the remaining FPCs or FPMs. This means that all configured SNAT source ports remain available. If SNAT source ports are re-allocated when the FortiGate-6000 or 7000 is actively processing traffic, some active sessions may be lost if their source ports are allocated to different FPCs or FPMs.
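The trade-off between the two options can be seen in a small model. This is an added example, not Fortinet code: the port pool (1024-65535), the equal contiguous split per slot, and slot numbers 3 to 6 are assumptions made for illustration, and the actual SLBC partitioning scheme is not described here.

```python
# Simplified model of the two nat-source-port modes (added illustration).
# ASSUMPTIONS: pool 1024-65535 and equal contiguous blocks per slot; the real
# SLBC partitioning scheme is not documented on this page.
PORT_POOL = range(1024, 65536)

def partition(ports, slots):
    """Split ports into contiguous, near-equal blocks, one per slot."""
    slots = sorted(slots)
    base, extra = divmod(len(ports), len(slots))
    blocks, start = {}, 0
    for i, slot in enumerate(slots):
        size = base + (1 if i < extra else 0)
        blocks[slot] = ports[start:start + size]
        start += size
    return blocks

def allocate(mode, chassis_slots, operating_slots):
    """Return {slot: port range} for the operating slots under a mode."""
    if mode == "chassis-slots":
        # Static: computed over every chassis slot; a down slot's block is unused.
        static = partition(PORT_POOL, chassis_slots)
        return {s: static[s] for s in operating_slots}
    if mode == "enabled-slots":
        # Dynamic: the whole pool is re-split over the operating slots only.
        return partition(PORT_POOL, operating_slots)
    raise ValueError(f"unknown nat-source-port mode: {mode}")

def impact(mode, chassis_slots, failed_slot):
    """Compare allocation before and after one slot stops operating."""
    before = allocate(mode, chassis_slots, chassis_slots)
    survivors = [s for s in chassis_slots if s != failed_slot]
    after = allocate(mode, chassis_slots, survivors)
    owner_after = {p: s for s, ports in after.items() for p in ports}
    # Ports a surviving slot owned before that now belong to a different slot.
    moved = sum(1 for s in survivors for p in before[s] if owner_after.get(p) != s)
    return {"available_ports": sum(len(r) for r in after.values()),
            "survivor_ports_moved": moved}

if __name__ == "__main__":
    slots = [3, 4, 5, 6]  # constructed example: four FPMs, slot 4 goes down
    for mode in ("chassis-slots", "enabled-slots"):
        print(mode, impact(mode, slots, failed_slot=4))
```

In this model, survivor_ports_moved counts source ports that change owner among the still-operating slots, which corresponds to the active sessions that may be lost under enabled-slots.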
