system firewall snat-policy
Use this command to configure a firewall SNAT policy. Firewall SNAT policies translate a matching source IP address to a single IP address or an IP address in an address pool.
Firewall SNAT policies are available in Reverse Proxy, True Transparent Proxy, and Transparent Inspection operating modes.
FortiWeb applies a firewall SNAT policy only if IP forwarding is enabled. For details about IP forwarding, see router setting.
To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.
Syntax
config system firewall snat-policy
  edit "<policy_name>"
    set from "<source_ipv4_mask>"
    set out-interface "<egress_port>"
    set to "<destination_ipv4_mask>"
    set trans-to-type {ip | pool}
    set trans-to-ip "<translation_ipv4>"
    set trans-to-ip-end "<last_ipv4>"
    set trans-to-ip-start "<first_ipv4>"
  next
end
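A pre-deployment check for policies written in this syntax, as an added example that is not part of the FortiWeb documentation: it parses a config block and flags settings left at the defaults in the variable table, an invalid policy name, and a reversed pool range. It assumes that names may contain only letters, digits, hyphens and underscores, that trans-to-ip applies to type ip and the start/end pair to type pool, and it uses constructed interface names and RFC 5737 addresses.

```python
import ipaddress
import re
import shlex

# Constructed sample config; port names and addresses are illustrative only.
SAMPLE = '''
config system firewall snat-policy
  edit "snat-dmz"
    set from "192.0.2.0/24"
    set out-interface "port2"
    set to "198.51.100.0/24"
    set trans-to-type pool
    set trans-to-ip-start "203.0.113.20"
    set trans-to-ip-end "203.0.113.10"
  next
  edit "snat all"
    set trans-to-type ip
  next
end
'''

def parse(text):
    # Collect {policy_name: {option: value}} from the edit/set lines.
    policies, cur = {}, None
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 2 and tok[0] == "edit":
            cur = policies.setdefault(tok[1], {})
        elif len(tok) >= 3 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2]
    return policies

def audit(name, p):
    # Unset options fall back to the defaults listed in the variable table.
    ip = lambda k: int(ipaddress.ip_address(p.get(k, "0.0.0.0")))
    wide = lambda k: ipaddress.ip_network(p.get(k, "0.0.0.0/0"), strict=False).prefixlen == 0
    pool = p.get("trans-to-type") == "pool"
    checks = [
        (len(name) > 63 or not re.fullmatch(r"[A-Za-z0-9_-]+", name), "name: too long or has spaces/special characters"),
        (not p.get("out-interface"), "out-interface: not set (no default)"),
        (wide("from"), "from: 0.0.0.0/0 matches every source"),
        (wide("to"), "to: 0.0.0.0/0 matches every destination"),
        (pool and not 0 < ip("trans-to-ip-start") <= ip("trans-to-ip-end"), "pool: start/end unset or reversed"),
        (not pool and ip("trans-to-ip") == 0, "trans-to-ip: still 0.0.0.0"),
    ]
    return [msg for bad, msg in checks if bad]

REPORT = {n: audit(n, p) for n, p in parse(SAMPLE).items()}
print(REPORT)
```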
Variable | Description | Default |
"<policy_name>" | Enter a name that identifies the firewall SNAT policy. Don't use spaces or special characters. The maximum length is 63 characters. | No default. |
from "<source_ipv4_mask>" | Enter the IP address and subnet mask to match the source IP address in the packet header that you want to translate. An example | 0.0.0.0/0 |
out-interface "<egress_port>" | Select the interface that FortiWeb will use to forward traffic that matches the from "<source_ipv4_mask>". | No default. |
to "<destination_ipv4_mask>" | Enter the IP address and subnet mask to match the destination IP address in the packet header. An example Destination is | 0.0.0.0/0 |
trans-to-ip "<translation_ipv4>" | Enter the IP address that you want to translate the from "<source_ipv4_mask>" to. An example IP address is This option is available only when the trans-to-type {ip | pool} is set to | 0.0.0.0 |
trans-to-ip-end "<last_ipv4>" | Enter the last IP address in the SNAT pool. An example IP address is This option is available only when the trans-to-type {ip | pool} is set to | 0.0.0.0 |
trans-to-ip-start "<first_ipv4>" | Enter the first IP address in the SNAT pool. An example IP address is This option is available only when the trans-to-type {ip | pool} is set to | 0.0.0.0 |
trans-to-type {ip | pool} | Select one of the following:
|
ip |