
FortiGate-7000E Administration Guide

Controlling SNAT port partitioning behavior

When you set up FortiGate 7000E SNAT configurations using IP pools, the source NAT (SNAT) source ports in the IP pool are distributed evenly among the FPMs. Each FPM gets an equal share of the source ports. For details about how this works and issues that occur, see the Fortinet Community article Technical Tip: Understanding NAT port allocation on Chassis (6k/7k).

You can use the following command to control how the FortiGate 7000E partitions SNAT source ports among FPMs:

config load-balance setting
    set nat-source-port {chassis-slots | enabled-slots}
end

chassis-slots: this option statically allocates SNAT source ports to all FPMs that are enabled when you enter the command. If you disable an FPM from the CLI or remove an FPM from its slot, the SNAT source ports assigned to that FPM are not re-allocated to the remaining FPMs. All FPMs that are still operating keep the same SNAT source port allocation, and active sessions being processed by those FPMs are not affected.

Note

You can use the following command to enable or disable an FPM from the CLI:

config workers
    edit <slot>
        set status {disable | enable}
end

enabled-slots: this option dynamically re-distributes SNAT source ports to enabled or installed FPMs. This is the default behavior and is recommended in most cases.

If an FPM is disabled or removed from its slot, SLBC dynamically re-allocates SNAT source ports among the remaining FPMs. This means that all configured SNAT source ports remain available. If SNAT source ports are re-allocated when the FortiGate 7000E is actively processing traffic, some active sessions may be lost if their source ports are allocated to different FPMs.

Note

SNAT source ports are not dynamically reallocated if an FPM is powered off. To re-allocate SNAT source ports, the FPM must be disabled from the CLI or physically removed from its slot.
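
The trade-off between the two options can be seen in a small model. This is an added example, not Fortinet code: it assumes each FPM owns one contiguous, equal-sized block of the pool, and the port range and slot numbers are constructed for illustration.

```python
# Added illustration: simplified model, not Fortinet's allocation algorithm.
# Assumption: each FPM owns one contiguous, equal-sized block of the pool.

POOL = range(1024, 65536)   # constructed SNAT source-port range (64512 ports)
SLOTS = [3, 4, 5, 6]        # constructed set of enabled FPM slots


def partition(ports, slots):
    """Give each slot an equal contiguous share of the port range."""
    share = len(ports) // len(slots)
    return {s: ports[i * share:(i + 1) * share] for i, s in enumerate(slots)}


def owners(alloc):
    """Invert an allocation into a port -> slot lookup."""
    return {p: s for s, block in alloc.items() for p in block}


def remove_fpm(ports, slots, removed, mode):
    """Model disabling one FPM; return (usable_ports, moved_ports).

    usable_ports: ports still assigned to an operating FPM.
    moved_ports: ports that pass from one operating FPM to another, so
    sessions using them may be lost.
    """
    before = partition(ports, slots)
    survivors = [s for s in slots if s != removed]
    if mode == "chassis-slots":      # static: survivors keep their blocks
        after = {s: before[s] for s in survivors}
    elif mode == "enabled-slots":    # dynamic: re-split among survivors
        after = partition(ports, survivors)
    else:
        raise ValueError(f"unknown nat-source-port mode: {mode}")
    old, new = owners(before), owners(after)
    moved = sum(1 for p, s in new.items()
                if old.get(p) not in (None, s, removed))
    return len(new), moved


if __name__ == "__main__":
    for mode in ("chassis-slots", "enabled-slots"):
        usable, moved = remove_fpm(POOL, SLOTS, 4, mode)
        print(f"{mode}: usable={usable} moved={moved}")
```

In this model, chassis-slots leaves the disabled FPM's share of the pool unused, which matters when sizing IP pools for peak concurrent sessions, while enabled-slots keeps the whole pool usable at the cost of some ports changing owner.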
