Double Nat: Combining Ip Pool With Virtual Ip - Fortinet FortiGate Series Administration Manual

Double NAT: combining IP pool with virtual IP

Double NAT: combining IP pool with virtual IP
466
Figure 262: New Dynamic IP Pool
Name Enter the name of the IP pool.
Interface Select the interface to which to add an IP pool.
IP Range/Subnet Enter the IP address range for the IP pool. The IP range defines the start and
end of an address range. The start of the range must be lower than the end of
the range. The start and end of the IP range does not have to be on the same
subnet as the IP address of the interface to which you are adding the IP pool.
When creating a firewall policy, you can use both IP pool and virtual IP for double IP
and/or port translation.
For example, in the following network topology:
• Users in the 10.1.1.0/24 subnet use port 8080 to access server 172.16.1.1.
• The server's listening port is 80.
• Fixed ports must be used.
Figure 263: Double NAT
To allow the local users to access the server, you can use fixed port and IP pool to allow
more than one user connection while using virtual IP to translate the destination port from
8080 to 80.
To create an IP pool
1 Go to Firewall > Virtual IP > IP Pool.
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Firewall Virtual IP
• Feedback