Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.4.1 Administration Guide
    7.4.1
    7.6.1
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Create or edit a central SNAT policy

    Create or edit a central SNAT policy

    Select Create New to open the Create Central SNAT window. To change a central SNAT policy, select the policy and then click Edit.

    Configure the following settings in the Create Central SNAT window or the Edit Central SNAT window and then click OK:

    Status

    Select Enable make the central SNAT policy is active.

    Action

    Select one of the following options for the central SNAT action:

    • Bypass—Do not perform network address translation (NAT).

    • Masquerade—Use a single IP address to protect multiple IP addresses in a LAN.

    • IP Pools—Use an IP address from an IP pool. An IP pool defines a single IP address or a range of IP addresses to be used as the source address for the duration of the session. These assigned addresses are used instead of the IP address assigned to that FortiProxy interface.

    Type

    Select IPv4 or IPv6.

    Source Interface

    Select one of the available interfaces from the drop-down list.

    Destination Interface

    Select one of the available interfaces from the drop-down list.

    Source Address

    Source IPv6 Address

    Click +. A window slides out from the right. Here, you can select from the available addresses and address groups. Select one or more items to add to the field. Clicking on an object in this window while it is highlighted removes it from the field. Multiple selections are allowed. For more information on addresses, see Addresses.

    Destination Address

    Destination IPv6 Address

    Click +. A window slides out from the right. Here, you can select from the available addresses and address groups. Select one or more items to add to the field. Clicking on an object in this window while it is highlighted removes it from the field. Multiple selections are allowed. For more information on addresses, see Addresses.

    API Preview

    The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
    To use the API Preview:

    1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

    2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

    3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

    4. Click Close to leave the preview.

    To create a central SNAT policy in the CLI:

    config firewall central-snat-map

    edit <policy_identifier>

    set status {enable | disable}

    set action {bypass | masquerade | ippool}

    set ipv6 {enable | disable}

    set srcintf <source_interface_name>

    set dstintf <destination_interface_name>

    set src-addr <original_address>

    set dst-addr <original_address>

    end

    For example, to create an IPv4 central SNAT policy:

    config firewall central-snat-map

    edit 1

    set status enable

    set action masquerade

    set ipv6 disable

    set srcintf port2

    set dstintf port1

    set src-addr "all"

    set dst-addr "all"

    end

    For example, to create an IPv6 central SNAT policy:

    config firewall central-snat-map

    edit 1

    set status enable

    set action ippool

    set ipv6 enable

    set srcintf port1

    set dstintf port3

    set src-addr6 "all"

    set dst-addr6 "all"

    set nat-ippool6 "pool6"

    end

    Previous
    Next

    Create or edit a central SNAT policy

    Create or edit a central SNAT policy

    Select Create New to open the Create Central SNAT window. To change a central SNAT policy, select the policy and then click Edit.

    Configure the following settings in the Create Central SNAT window or the Edit Central SNAT window and then click OK:

    Status

    Select Enable make the central SNAT policy is active.

    Action

    Select one of the following options for the central SNAT action:

    • Bypass—Do not perform network address translation (NAT).

    • Masquerade—Use a single IP address to protect multiple IP addresses in a LAN.

    • IP Pools—Use an IP address from an IP pool. An IP pool defines a single IP address or a range of IP addresses to be used as the source address for the duration of the session. These assigned addresses are used instead of the IP address assigned to that FortiProxy interface.

    Type

    Select IPv4 or IPv6.

    Source Interface

    Select one of the available interfaces from the drop-down list.

    Destination Interface

    Select one of the available interfaces from the drop-down list.

    Source Address

    Source IPv6 Address

    Click +. A window slides out from the right. Here, you can select from the available addresses and address groups. Select one or more items to add to the field. Clicking on an object in this window while it is highlighted removes it from the field. Multiple selections are allowed. For more information on addresses, see Addresses.

    Destination Address

    Destination IPv6 Address

    Click +. A window slides out from the right. Here, you can select from the available addresses and address groups. Select one or more items to add to the field. Clicking on an object in this window while it is highlighted removes it from the field. Multiple selections are allowed. For more information on addresses, see Addresses.

    API Preview

    The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.
    To use the API Preview:

    1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

    2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

    3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

    4. Click Close to leave the preview.

    To create a central SNAT policy in the CLI:

    config firewall central-snat-map

    edit <policy_identifier>

    set status {enable | disable}

    set action {bypass | masquerade | ippool}

    set ipv6 {enable | disable}

    set srcintf <source_interface_name>

    set dstintf <destination_interface_name>

    set src-addr <original_address>

    set dst-addr <original_address>

    end

    For example, to create an IPv4 central SNAT policy:

    config firewall central-snat-map

    edit 1

    set status enable

    set action masquerade

    set ipv6 disable

    set srcintf port2

    set dstintf port1

    set src-addr "all"

    set dst-addr "all"

    end

    For example, to create an IPv6 central SNAT policy:

    config firewall central-snat-map

    edit 1

    set status enable

    set action ippool

    set ipv6 enable

    set srcintf port1

    set dstintf port3

    set src-addr6 "all"

    set dst-addr6 "all"

    set nat-ippool6 "pool6"

    end

    Previous
    Next