Latest

Home / Fortinet / Security / Part 3: Installing a FortiGate in NAT/Route mode

Part 3: Installing a FortiGate in NAT/Route mode

January 20, 2023 ,

Installing a FortiGate in NAT/Route mode

The FortiGate next-generation firewalls (NGFW) from Fortinet offer businesses the best defense against web-based network risks, such as intrusion techniques and known and unknowable dangers. 

FortiGate firewalls expand and reinforce an enterprise's entire security efforts from the network edge to the core whether they are deployed on-premise, through virtual hardware, or in the cloud.

NAT/Route mode
A FortiGate unit is placed as a gateway or router between two networks in NAT/Route mode. This enables the FortiGate to conceal the private network's IP addresses using network address translation (NAT).

Fig 1.1-FortiGate in NAT/Route mode

Installing a FortiGate in NAT/Route mode

Step 1: Go to Network > Interfaces and edit the Internet-facing interface

Set Addressing Mode to Manual and the IP/Netmask to the public IP address that your ISP has given you if your FortiGate is directly connected to them.

Step 2: Go to Network> Static Routes and create a new route.

Set the Device to the Internet-facing interface, the Destination to Subnet (this destination type lets you enter a numeric IP address or subnet), the Destination IP/Mask to 0.0.0.0/0.0.0.0, and the Gateway to the gateway (or default route) offered by your ISP or to the next hop router, depending on your network requirements.

Step 3: Go to Policy & Objects > IPv4 Policy and create a new policy. Give the policy a Name that indicates that the policy will be for traffic to the Internet

Change the Outgoing Interface to the Internet-facing interface and the Incoming Interface to the LAN interface. Set the Schedule, Services, Source, and Destination Addresses as necessary.

Ensure that ACCEPT is selected for the Action. Make sure Use Outgoing Interface Address is chosen before turning on NAT.

Other Articles you may interested in:
++++++++++++++++++++++++++++++++++++++++++++++++++++
Security: FortiGate to SonicWall VPN Tunnel setup - The Network DNA
Site-to-Site IPsec VPN Tunnel with two FortiGate Firewalls - The Network DNA
Default route on FortiGate Firewalls - The Network DNA
Web Filtering on Fortinet Firewalls - The Network DNA
Introduction to Fortinet SDWAN - The Network DNA
Part 1: FortiGate Firewalls Modes - The Network DNA
Part 2: Installing a FortiGate Firewall in Transparent mode - The Network DNA
+++++++++++++++++++++++++++++++++++++++++++++++++++