Chapter 3 – NAT
3-1 Source NAT
Learning Objectives
- Configure a NAT policy in FortiGate
- Identify source NAT
Scenario: We are going to enable Source NAT(SNAT) to reach the Internet from Kali. That means that all traffic from the local network to the Internet should be allowed.
Source NAT
| Device | IP address | Access |
| Kali | DHCP Client | – |
| WordPress/Kali | DHCP Client | – |
| Ethernet Switch | – | – |
| FortiGate | Port 2 – ( 192.168.1.1/24) – DHCP Server ( 192.168.1.10-192.168.1.20)
Port 3 – DHCP Client Port 4 – 10.10.10.1/24 |
ICMP-HTTP-HTTPS |
| WebTerm | 10.10.10.2/24 | – |
Basic Configuration
1- Port configuration in the firewall as follows:
2- Set a DHCP server on interface port2 (Range of IP address should be: 192.168.1.10- 192.168.1.20, DNS: 4.2.2.4)
3- Set port3 as a DHCP client and connect to the NAT.
4- Set a static route in the firewall to reach to NAT object.
5- Go to Policy & Objects > Firewall Policy section, click Create New to add a new firewall policy ,and configure the following settings:
-
-
- Name: LocalToInternet
- From inside to outside (port2 to port3)
- Source: Create an address for the local network (Subnet: 192.168.1.0/24)
- Destination: all
- Schedule: Always
- Service: Only HTTP, HTTPS, and DNS
- Action: Accept
-
6- Open the browser in Kali, you should be able to access the internet.
