NAT policies
Use NAT46 policies for IPv6 environments where you want to expose certain services to the public IPv4 Internet. You will need to configure a virtual IP to permit the access.
Use NAT64 policies to perform network address translation (NAT) between an internal IPv6 network and an external IPv4 network.
The NAT46 Policy tab allows you to create, edit, delete, and clone NAT46 policies. The NAT64 Policy tab allows you to create, edit, delete, and clone NAT64 policies.
On the Policy & Objects pane, from the Tools menu, select Display Options, and then select the NAT46 Policy and NAT64 Policy checkboxes to display these options.
To create a NAT46 or NAT64 policy:
- Ensure you are in the correct ADOM.
- Go to Policy & Objects > Policy Packages.
- In the tree menu for the policy package, click NAT46 Policy or NAT64 Policy.
- Click Create New, or, from the Create New menu, select Insert Above or Insert Below. By default, policies will be added to the bottom of the list. The Create New Policy pane opens.
- Configure the following settings, then click OK to create the policy:
| Setting | Description |
|---|---|
| Incoming Interface | Click the field then select interfaces from the Object Selector frame, or drag and drop the address from the object pane. |
| Outgoing Interface | Select outgoing interfaces. |
| Source Address | Select source addresses. |
| Destination Address | Select destination addresses, address groups, virtual IPs, and virtual IP groups. |
| Service | Select services and service groups. |
| Schedule | Select schedules, one time or recurring, and schedule groups. |
| Action | Select an action for the policy to take: ACCEPT or DENY. |
| Log Allowed Traffic | Select to log allowed traffic. |
| NAT | NAT is enabled by default for this policy type when the Action is ACCEPT. Use Destination Interface Address is selected by default. Select Fixed Port if required. |
| Dynamic IP Pool | Select to use dynamic IP pools. Select Fixed Port if required, and the IP Pool Name from the available IP pool objects. This option is only available for NAT64 policies. |
| Traffic Shaping | Select traffic shapers. This option is available if the Action is ACCEPT. |
| Reverse Traffic Shaping | Select traffic shapers. This option is available if at least one forward traffic shaper is selected. |
| Per-IP Traffic Shaping | Select per-IP traffic shapers. This option is available if the Action is ACCEPT. |
| Description | Add a description of the policy, such as its purpose, or the changes that have been made to it. |

Advanced Options

| Option | Description |
|---|---|
| ippool | Enable IP pools. This option is only available for NAT46 policies. |
| permit-any-host | Enable to accept UDP packets from any host. |
| poolname | Select a firewall IP pool from the dropdown list (default = None). This option is only available for NAT46 policies. |
| tcp-mss-receiver | Enter a value for the receiver’s TCP MSS. |
| tcp-mss-sender | Enter a value for the sender’s TCP MSS. |
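
The availability rules stated for the settings above, plus the logging, permit-any-host, and virtual IP points a reviewer would check before installing a policy, written as a small checker. This is an added example, not Fortinet code: the dict layout, key names such as `log_allowed_traffic` and `destination_vips`, and the sample policies are assumptions constructed for illustration.

```python
# Added example: the dict layout and key names are hypothetical; they mirror
# the setting labels on this page and are not a FortiManager export format.
def review_policy(p):
    """Return a list of findings for one NAT46/NAT64 policy dict."""
    findings = []
    kind = p["type"]                      # "nat46" or "nat64"
    accept = p.get("action") == "ACCEPT"
    adv = p.get("advanced", {})
    # Availability rules stated in the settings descriptions.
    if kind == "nat46" and p.get("dynamic_ip_pool"):
        findings.append("Dynamic IP Pool is only available for NAT64 policies")
    if kind == "nat64" and (adv.get("ippool") or adv.get("poolname")):
        findings.append("ippool/poolname are only available for NAT46 policies")
    if not accept and (p.get("traffic_shaping") or p.get("per_ip_traffic_shaping")):
        findings.append("traffic shaping requires Action ACCEPT")
    if p.get("reverse_traffic_shaping") and not p.get("traffic_shaping"):
        findings.append("reverse shaper requires a forward traffic shaper")
    # Review points for policies that expose services.
    if accept and not p.get("log_allowed_traffic"):
        findings.append("ACCEPT policy does not log allowed traffic")
    if adv.get("permit-any-host"):
        findings.append("permit-any-host accepts UDP packets from any host")
    if kind == "nat46" and accept and not p.get("destination_vips"):
        findings.append("NAT46 policy has no virtual IP as destination")
    return findings

SAMPLE_POLICIES = [  # constructed sample data, not taken from a real device
    {"name": "web-in", "type": "nat46", "action": "ACCEPT",
     "destination_vips": ["vip46-web"], "log_allowed_traffic": True,
     "advanced": {"ippool": True, "poolname": "pool46"}},
    {"name": "v6-out", "type": "nat64", "action": "ACCEPT",
     "log_allowed_traffic": False, "dynamic_ip_pool": True,
     "reverse_traffic_shaping": ["shaper-b"],
     "advanced": {"permit-any-host": True, "poolname": "pool46"}},
]

def review_all(policies):
    """Map each policy name to its list of findings."""
    return {p["name"]: review_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_POLICIES).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```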