Fortinet FortiADC D-Series Handbook

470 Pages


Chapter 17: Advanced Networking

Configure 1-to-1 NAT

You can use 1-to-1 NAT when you want to publish public or “external” IP addresses for FortiADC resources but want the communication among servers on the internal network to be on a private or “internal” IP address range.

Figure 85 illustrates 1-to-1 NAT. The NAT configuration assigns both external and internal (or “mapped”) IP addresses to Interface 1. Traffic from the external side of the connection (such as client traffic) uses the external IP address and port. Traffic on the internal side (such as the virtual server communication with real servers) uses the mapped IP address and port.

1-to-1 NAT is supported for traffic to virtual servers. The address translation occurs before the ADC has processed its rules, so FortiADC server load balancing policies that match source address (such as content routing and content rewriting rules) should be based on the mapped address space.

The system maintains this NAT table and performs the inverse mapping when it sends traffic from the internal side to the external side.
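The following added example (not from the handbook, and a Python model, not FortiADC configuration syntax) shows the forward and inverse 1-to-1 mapping and audits rule address matches that were written against the external range instead of the mapped range. The class, function and rule names are hypothetical, all addresses are constructed, and the model assumes the two ranges map by offset (first external address to first mapped address).

```python
# Added example: models a 1-to-1 NAT range mapping and audits rule address
# matches. All names and addresses are constructed for illustration.
import ipaddress as ipa

class OneToOneNat:
    def __init__(self, ext_start, ext_end, map_start, map_end):
        self.ext = (int(ipa.ip_address(ext_start)), int(ipa.ip_address(ext_end)))
        self.mapped = (int(ipa.ip_address(map_start)), int(ipa.ip_address(map_end)))
        # 1-to-1 means both ranges must hold the same number of addresses.
        if self.ext[1] < self.ext[0] or \
           self.ext[1] - self.ext[0] != self.mapped[1] - self.mapped[0]:
            raise ValueError("external and mapped ranges must be the same size")

    @staticmethod
    def _shift(addr, src, dst):
        n = int(ipa.ip_address(addr))
        if not src[0] <= n <= src[1]:
            return None  # address is outside this NAT entry; not translated
        return str(ipa.ip_address(dst[0] + (n - src[0])))

    def to_mapped(self, addr):    # external side -> internal side
        return self._shift(addr, self.ext, self.mapped)

    def to_external(self, addr):  # inverse mapping, internal -> external
        return self._shift(addr, self.mapped, self.ext)

def audit_rules(nat, rules):
    """Return (rule, cidr, first mapped address) for rules overlapping the external range.

    Translation happens before rule processing, so a rule written against
    external addresses is evaluated against mapped addresses instead.
    """
    findings = []
    for name, cidr in rules.items():
        net = ipa.ip_network(cidr)
        lo, hi = int(net.network_address), int(net.broadcast_address)
        if lo <= nat.ext[1] and hi >= nat.ext[0]:
            first = str(ipa.ip_address(max(lo, nat.ext[0])))
            findings.append((name, cidr, nat.to_mapped(first)))
    return findings

# Constructed sample data: a documentation range mapped onto RFC 1918 space.
NAT = OneToOneNat("203.0.113.10", "203.0.113.19", "10.0.0.10", "10.0.0.19")
RULES = {"content-route-a": "203.0.113.0/28", "content-rewrite-b": "10.0.0.0/24"}

if __name__ == "__main__":
    for name, cidr, hint in audit_rules(NAT, RULES):
        print(f"{name}: {cidr} overlaps the external range; mapped range starts at {hint}")
```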


Figure 85: One-to-One NAT


Before you begin:

- You must know the IP addresses your organization has provisioned for your NAT design.

- You must have Read-Write permission for System settings.

To configure one-to-one NAT:

1. Go to Networking > NAT.

2. Click the 1-to-1 NAT tab.

3. Click Add to display the configuration editor.

4. Complete the configuration as described in Table 152.
