Configure Outbound NAT in FortiGate with CLI

Steps to configure Outbound NAT in FortiGate with CLI

  1. The Ubuntu server currently reaches the Internet via 121.121.43.50, and we would like to change it to 121.121.43.51
curl -4 icanhazip.com
121.121.43.50
  2. Create an address object for the internal server
config firewall address
    edit "wp5"
        set subnet 192.168.1.250 255.255.255.255
    end
  3. Create an IP pool for the public IP address
config firewall ippool
    edit "121.121.43.51"
        set type one-to-one
        set startip 121.121.43.51
        set endip 121.121.43.51
        set arp-reply disable 
    end 
  4. Create a firewall policy to translate the outgoing IP to 121.121.43.51
config firewall policy
    edit 4
        set name "Outbound NAT-121.121.43.51"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "wp5"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set ippool enable
        set poolname "121.121.43.51"
        set nat enable
    end
  5. Move policy 4, created in Step 4, to the top
config firewall policy
    move 4 before 1
    end

#Verify the order
get firewall policy
== [ 4 ]
policyid: 4
== [ 1 ]
policyid: 1
== [ 2 ]
policyid: 2
== [ 20 ]
policyid: 20


  6. The Ubuntu server is now using the new IP address for outgoing traffic
curl -4 icanhazip.com
121.121.43.51
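
The ordering check behind step 5, as an added example that is not part of the original page: FortiGate applies the first policy that matches, so this Python sketch parses a `config firewall policy` block and reports when an earlier policy on the same interfaces would take the server's traffic before the IP pool policy is reached. The function names, the constructed sample config (with a hypothetical general policy 1) and the simplified match on interfaces and source address only are assumptions.

```python
import shlex

def parse_policies(text):
    """Return {policy_id: {key: [values]}} in evaluation (file) order."""
    policies, current = {}, None
    section = text.split("config firewall policy", 1)[1].split("\nend", 1)[0]
    for line in map(str.strip, section.splitlines()):
        if line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif line.startswith("set "):
            _, key, *values = shlex.split(line)
            current[key] = values
    return policies

def audit_outbound_nat(text, policy_id):
    """Return findings for the IP pool policy; policy_id is a string such as "4"."""
    policies = parse_policies(text)
    target, findings = policies[policy_id], []
    if not (target.get("nat") == target.get("ippool") == ["enable"] and target.get("poolname")):
        findings.append("nat, ippool and poolname must all be set")
    # First match wins (simplified: only interfaces and srcaddr are compared).
    for pid, pol in policies.items():
        if pid == policy_id:
            break
        same_path = all(pol.get(k) == target.get(k) for k in ("srcintf", "dstintf"))
        if same_path and pol.get("srcaddr") in (["all"], target.get("srcaddr")):
            findings.append(f"shadowed by policy {pid}")
    if target.get("logtraffic") == ["disable"]:
        findings.append("logtraffic disabled: sessions on this policy are not logged")
    return findings

# Constructed sample: the page's policy 4 still listed after a general policy 1.
SAMPLE = """config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
    next
    edit 4
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "wp5"
        set logtraffic disable
        set ippool enable
        set poolname "121.121.43.51"
        set nat enable
    next
end"""
print(audit_outbound_nat(SAMPLE, "4"))
```

Once policy 4 is listed ahead of policy 1, the shadowing finding goes away and only the logging note remains.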
