{"id":1905,"date":"2013-07-11T14:20:09","date_gmt":"2013-07-11T07:20:09","guid":{"rendered":"http:\/\/www.jaringankita.com\/blog\/?p=1905"},"modified":"2014-01-07T14:48:43","modified_gmt":"2014-01-07T07:48:43","slug":"fortigate-static-nat-configuration","status":"publish","type":"post","link":"https:\/\/www.jaringankita.com\/blog\/fortigate-static-nat-configuration","title":{"rendered":"Fortigate Static NAT Configuration"},"content":{"rendered":"

Fortigate Static NAT Configuration<\/strong><\/p>\n

\n

We will give an example on how to configure static NAT in Fortigate. In this example, we use the WAN 1 Interface<\/strong> of the FortiGate unit is connected to the Internet and\u00a0the Internal interface<\/strong> is connected to the DMZ network. We need to access one of the DMZ servers which is 10.0.10.100 from the Internet for any services.\u00a0(Please note that this example is using\u00a0\u00a0v4.0,build0535,120511 (MR3 Patch 7)\u00a0<\/strong>).<\/p>\n

Let say the Internet IP address blocks that we get from the Internet Service Provider are 200.200.100.0\/24\u00a0<\/strong>and we want to NAT the IP Address 200.200.100.100<\/strong> into our web server IP Address 10.0.10.100.\u00a0<\/strong><\/p>\n

\"jaringankita_fortigate\"<\/a>

Example Topology<\/p><\/div>\n

<\/p>\n

Before we can access the NAT IP Address, we have to create a Virtual IP using the following steps:<\/p>\n

    \n
  1. Go to Firewall Objects > Virtual IP > Virtual IP.<\/strong><\/li>\n
  2. Select Create New<\/strong>.<\/li>\n
  3. Complete the following and select OK<\/strong>.<\/li>\n<\/ol>\n
      \n
        \n
      • Name : Web_Server_NAT (can be filled with any names)<\/strong><\/li>\n
      • External Interface \u00a0: wan1<\/strong><\/li>\n
      • Type \u00a0: Static NAT<\/strong><\/li>\n
      • External IP Address\/Range: 200.200.100.100<\/strong><\/li>\n
      • Mapped IP Address\/Range: 10.0.10.100<\/strong><\/li>\n
      • No Port Forwarding Selected<\/li>\n<\/ul>\n<\/ul>\n

        After finishing create the Virtual IP then Create the Policy using the following steps:<\/p>\n

          \n
        1. Go to Policy> Policy > Policy \u00a0and select \u00a0Create New<\/strong><\/li>\n
        2. Complete the following and select OK<\/strong>.<\/li>\n
        3. Here is the form:<\/li>\n<\/ol>\n
            \n
              \n
            • Source Interface\/Zone:\u00a0<\/span>wan1<\/strong><\/li>\n
            • Source Address:\u00a0<\/span>All<\/strong><\/li>\n
            • Destination\u00a0Interface\/Zone:\u00a0<\/span>Internal<\/strong><\/li>\n
            • Destination Address:\u00a0<\/span>Web_Server_NAT (select from the one we have created on above steps)<\/strong><\/li>\n
            • Schedule :\u00a0<\/span>always<\/strong><\/li>\n
            • Service :\u00a0<\/span>ANY<\/strong><\/li>\n
            • Action:\u00a0<\/span>ACCEPT<\/strong><\/li>\n
            • Select the NAT<\/strong> option<\/li>\n
            • Select OK<\/strong><\/li>\n<\/ul>\n<\/ul>\n

              After completing all the steps above then test using ping to 200.200.100.100 from Internet and it should be success.<\/p>\n

              Article\u00a0Fortigate Static NAT Configuration\u00a0<\/strong>is written by JK.<\/em><\/p>\n

              (JK)<\/p>\n","protected":false},"excerpt":{"rendered":"

              Fortigate Static NAT Configuration We will give an example on how to configure static NAT in Fortigate. In this example, we use the WAN 1 Interface of the FortiGate unit is connected to the Internet and\u00a0the Internal interface is connected to the DMZ network. We need to access one of the DMZ servers which is […]<\/p>\n","protected":false},"author":6,"featured_media":1913,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[765],"tags":[836,75,124,1061],"class_list":["post-1905","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge-base","tag-featured","tag-fortigate","tag-interface","tag-nat-static"],"_links":{"self":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts\/1905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/comments?post=1905"}],"version-history":[{"count":13,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts\/1905\/revisions"}],"predecessor-version":[{"id":1968,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/posts\/1905\/revisions\/1968"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/media\/1913"}],"wp:attachment":[{"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/media?parent=1905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/categories?post=1905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jaringankita.com\/blog\/wp-json\/wp\/v2\/tags?post=1905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}