Scribd
Upload
21 views5 pages

49-Policy Source Interface Overload NAT Lab

Uploaded by

Ismail Kurnaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
21 views5 pages

49-Policy Source Interface Overload NAT Lab

Uploaded by

Ismail Kurnaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Policy Source Interface Overload NAT Lab:

Basic Configuration of Devices


PC1 address 192.168.1.1
netmask 255.255.255.0
gateway 192.168.1.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
PC2 address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
PC3 address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
Server address 192.168.1.4
netmask 255.255.255.0
gateway 192.168.1.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
RemoteServer address 192.168.122.120
netmask 255.255.255.0
gateway 192.168.122.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf
RemotePC address 192.168.122.110
netmask 255.255.255.0
gateway 192.168.122.100
up echo nameserver 8.8.8.8 > /etc/resolv.conf

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Login to FortiGate Firewall type http://192.168.122.100 in any browser.

Configure Interfaces:
Go to Network>Interfaces select port1 Click Edit in Alias type WAN, change the Address Mode to Manual
type IP/Netmask 192.168.122.100/24, in Administrative access leave all the rest of configuration default
and press OK button.

2 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


Go to Network>Interfaces select port2 Click Edit in Alias type LAN, change the Address Mode to Manual
type IP/Netmask 192.168.1.100/24, in Administrative access only checked PING leave all the rest of
configuration default & press OK.

DNS Configuration:
Go to Network > DNS , click on Specify and enter in primary / secondary DNS servers. In Primary DNS
Server, type the IP address of the primary DNS server 8.8.8.8. In Secondary DNS Server, type the IP
address of the secondary DNS server 8.8.4.4. Click Apply button to save the changes.

Default Route Configuration:

3 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


To create a new default route, go to Network > Static Routes and create a static route for ISP. Set
Destination to Subnet and leave the destination IP address set to 0.0.0.0/0.0.0.0. Set Gateway to the IP
address provided by your ISP and Interface to the Internet-facing interface in my case 192.168.122.2
which my VM8 VMware Workstation Gateway. Set the Interface to the WAN interface. Press OK to Save
the changes.

Go to Policy & Objects > IPv4 Policy Enable NAT and choose Use Outgoing Interface Address.

Verification & Testing:

4 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717


When the clients in internal network need to access servers in external network, we need to translate IP
addresses from 192.168.1.0/24 to an IP address 192.168.122.100. For packets that match this policy, its
source IP address is translated to the IP address of the outgoing interface.
Let’s visit from all three PCs (PC1, PC2 and PC3) to RemoteServer 192.168.122.10.

5 | P a g e Created by Ahmad Ali E-Mail: [email protected] , Mobile: 056 430 3717

You might also like