Fortinet black logo

CLI Reference

config firewall central-snat-map

config firewall central-snat-map

Configure IPv4 and IPv6 central SNAT policies.

config firewall central-snat-map
    Description: Configure IPv4 and IPv6 central SNAT policies.
    edit <policyid>
        set comments {var-string}
        set dst-addr <name1>, <name2>, ...
        set dst-addr6 <name1>, <name2>, ...
        set dst-port {user}
        set dstintf <name1>, <name2>, ...
        set nat [disable|enable]
        set nat-ippool <name1>, <name2>, ...
        set nat-ippool6 <name1>, <name2>, ...
        set nat-port {user}
        set nat46 [enable|disable]
        set nat64 [enable|disable]
        set orig-addr <name1>, <name2>, ...
        set orig-addr6 <name1>, <name2>, ...
        set orig-port {user}
        set protocol {integer}
        set srcintf <name1>, <name2>, ...
        set status [enable|disable]
        set type [ipv4|ipv6]
        set uuid {uuid}
    next
end

config firewall central-snat-map

Parameter

Description

Type

Size

Default

comments

Comment.

var-string

Maximum length: 1023

dst-addr <name>

IPv4 Destination address.

Address name.

string

Maximum length: 79

dst-addr6 <name>

IPv6 Destination address.

Address name.

string

Maximum length: 79

dst-port

Destination port or port range (1 to 65535, 0 means any port).

user

Not Specified

dstintf <name>

Destination interface name from available interfaces.

Interface name.

string

Maximum length: 79

nat

Enable/disable source NAT.

option

-

enable

Option

Description

disable

Disable source NAT.

enable

Enable source NAT.

nat-ippool <name>

Name of the IP pools to be used to translate addresses from available IP Pools.

IP pool name.

string

Maximum length: 79

nat-ippool6 <name>

IPv6 pools to be used for source NAT.

IPv6 pool name.

string

Maximum length: 79

nat-port

Translated port or port range (1 to 65535, 0 means any port).

user

Not Specified

nat46

Enable/disable NAT46.

option

-

disable

Option

Description

enable

Enable NAT46.

disable

Disable NAT46.

nat64

Enable/disable NAT64.

option

-

disable

Option

Description

enable

Enable NAT64.

disable

Disable NAT64.

orig-addr <name>

IPv4 Original address.

Address name.

string

Maximum length: 79

orig-addr6 <name>

IPv6 Original address.

Address name.

string

Maximum length: 79

orig-port

Original TCP port (1 to 65535, 0 means any port).

user

Not Specified

policyid

Policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

protocol

Integer value for the protocol type.

integer

Minimum value: 0 Maximum value: 255

0

srcintf <name>

Source interface name from available interfaces.

Interface name.

string

Maximum length: 79

status

Enable/disable the active status of this policy.

option

-

enable

Option

Description

enable

Enable this policy.

disable

Disable this policy.

type

IPv4/IPv6 source NAT.

option

-

ipv4

Option

Description

ipv4

Perform IPv4 source NAT.

ipv6

Perform IPv6 source NAT.

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

config firewall central-snat-map

Configure IPv4 and IPv6 central SNAT policies.

config firewall central-snat-map
    Description: Configure IPv4 and IPv6 central SNAT policies.
    edit <policyid>
        set comments {var-string}
        set dst-addr <name1>, <name2>, ...
        set dst-addr6 <name1>, <name2>, ...
        set dst-port {user}
        set dstintf <name1>, <name2>, ...
        set nat [disable|enable]
        set nat-ippool <name1>, <name2>, ...
        set nat-ippool6 <name1>, <name2>, ...
        set nat-port {user}
        set nat46 [enable|disable]
        set nat64 [enable|disable]
        set orig-addr <name1>, <name2>, ...
        set orig-addr6 <name1>, <name2>, ...
        set orig-port {user}
        set protocol {integer}
        set srcintf <name1>, <name2>, ...
        set status [enable|disable]
        set type [ipv4|ipv6]
        set uuid {uuid}
    next
end

config firewall central-snat-map

Parameter

Description

Type

Size

Default

comments

Comment.

var-string

Maximum length: 1023

dst-addr <name>

IPv4 Destination address.

Address name.

string

Maximum length: 79

dst-addr6 <name>

IPv6 Destination address.

Address name.

string

Maximum length: 79

dst-port

Destination port or port range (1 to 65535, 0 means any port).

user

Not Specified

dstintf <name>

Destination interface name from available interfaces.

Interface name.

string

Maximum length: 79

nat

Enable/disable source NAT.

option

-

enable

Option

Description

disable

Disable source NAT.

enable

Enable source NAT.

nat-ippool <name>

Name of the IP pools to be used to translate addresses from available IP Pools.

IP pool name.

string

Maximum length: 79

nat-ippool6 <name>

IPv6 pools to be used for source NAT.

IPv6 pool name.

string

Maximum length: 79

nat-port

Translated port or port range (1 to 65535, 0 means any port).

user

Not Specified

nat46

Enable/disable NAT46.

option

-

disable

Option

Description

enable

Enable NAT46.

disable

Disable NAT46.

nat64

Enable/disable NAT64.

option

-

disable

Option

Description

enable

Enable NAT64.

disable

Disable NAT64.

orig-addr <name>

IPv4 Original address.

Address name.

string

Maximum length: 79

orig-addr6 <name>

IPv6 Original address.

Address name.

string

Maximum length: 79

orig-port

Original TCP port (1 to 65535, 0 means any port).

user

Not Specified

policyid

Policy ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

protocol

Integer value for the protocol type.

integer

Minimum value: 0 Maximum value: 255

0

srcintf <name>

Source interface name from available interfaces.

Interface name.

string

Maximum length: 79

status

Enable/disable the active status of this policy.

option

-

enable

Option

Description

enable

Enable this policy.

disable

Disable this policy.

type

IPv4/IPv6 source NAT.

option

-

ipv4

Option

Description

ipv4

Perform IPv4 source NAT.

ipv6

Perform IPv6 source NAT.

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000