CLI Reference

firewall central-snat-map

Use this command to create NAT rules and NAT mappings that are set up by the global firewall table. Multiple NAT rules can be added on a FortiGate, and these rules can be used in firewall policies.

A typical NAT rule consists of:

  • source IP address
  • original port number
  • translated IP address
  • translated port number

IP addresses can be a single address or multiple addresses that are predefined with an IP pool. Similarly, port numbers can be a single port or a range of ports.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command                   Description
set comments [comment]    Comments field added for Central SNAT policy.

config firewall central-snat-map
    edit {policyid}
    # Configure central SNAT policies.
        set policyid {integer}   Policy ID. range[0-4294967295]
        set status {enable | disable}   Enable/disable the active status of this policy.
        config orig-addr
            edit {name}
            # Original address.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        end
        config srcintf
            edit {name}
            # Source interface name from available interfaces.
                set name {string}   Interface name. size[64] - datasource(s): system.interface.name,system.zone.name
            next
        end
        config dst-addr
            edit {name}
            # Destination address name from available addresses.
                set name {string}   Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name
            next
        end
        config dstintf
            edit {name}
            # Destination interface name from available interfaces.
                set name {string}   Interface name. size[64] - datasource(s): system.interface.name,system.zone.name
            next
        end
        config nat-ippool
            edit {name}
            # Name of the IP pools to be used to translate addresses from available IP Pools.
                set name {string}   IP pool name. size[64] - datasource(s): firewall.ippool.name
            next
        end
        set protocol {integer}   Integer value for the protocol type (0 - 255). range[0-255]
        set orig-port {string}   Original TCP port (0 to 65535).
        set nat-port {string}   Translated port or port range (0 to 65535).
        set nat {disable | enable}   Enable/disable source NAT.
        set comments {string}   Comment. size[1023]
    next
end
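
The limits in the listing above can be checked before a generated rule is pushed to a device. The following is an added example, not Fortinet code: it validates a rule held as a Python dict against the ranges and sizes shown in the syntax. The dict layout, the "low-high" range notation, the reversed-range check, and all object names are assumptions made for illustration.

```python
import re

# Limits are copied from the syntax listing; everything else is an assumption.
ENUMS = {"status": {"enable", "disable"}, "nat": {"enable", "disable"}}
NAME_LISTS = ("orig-addr", "srcintf", "dst-addr", "dstintf", "nat-ippool")
PORT_FIELDS = ("orig-port", "nat-port")


def parse_port_spec(spec):
    """Return (low, high) for '443' or '1024-65535'; raise ValueError if invalid."""
    match = re.fullmatch(r"([0-9]{1,5})(?:-([0-9]{1,5}))?", str(spec))
    if not match:
        raise ValueError(f"not a port or port range: {spec!r}")
    low = int(match.group(1))
    high = int(match.group(2)) if match.group(2) else low
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"outside 0-65535 or reversed range: {spec!r}")
    return low, high


def validate_rule(rule):
    """Return a list of problems; an empty list means the rule fits the listing."""
    problems = []
    pid = rule.get("policyid")
    if not isinstance(pid, int) or not 0 <= pid <= 4294967295:
        problems.append("policyid: must be an integer in 0-4294967295")
    for field, allowed in ENUMS.items():
        if field in rule and rule[field] not in allowed:
            problems.append(f"{field}: must be one of {sorted(allowed)}")
    for field in NAME_LISTS:
        for name in rule.get(field, []):
            if len(name) > 64:
                problems.append(f"{field}: name longer than 64 characters")
    proto = rule.get("protocol", 0)
    if not isinstance(proto, int) or not 0 <= proto <= 255:
        problems.append("protocol: must be an integer in 0-255")
    for field in PORT_FIELDS:
        if field in rule:
            try:
                parse_port_spec(rule[field])
            except ValueError as exc:
                problems.append(f"{field}: {exc}")
    if len(rule.get("comments", "")) > 1023:
        problems.append("comments: longer than 1023 characters")
    return problems


# Constructed sample rules; address, interface and pool names are hypothetical.
GOOD_RULE = {"policyid": 1, "status": "enable", "orig-addr": ["lan-net"],
             "srcintf": ["port1"], "dst-addr": ["all"], "dstintf": ["wan1"],
             "nat-ippool": ["egress-pool"], "protocol": 6, "nat": "enable",
             "orig-port": "1024-65535", "nat-port": "1024-65535",
             "comments": "LAN egress via egress-pool"}
BAD_RULE = {**GOOD_RULE, "protocol": 300, "nat-port": "70000", "comments": "x" * 1024}
```

`validate_rule(GOOD_RULE)` returns an empty list, while `validate_rule(BAD_RULE)` reports the protocol, nat-port and comments fields.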

Additional information

The following section is for those options that require additional explanation.
