Chapter 3. NAT

3.1 Source NAT

Learning Objectives

  • Configure a NAT policy in FortiGate
  • Identify source NAT

Scenario: We are going to enable Source NAT (SNAT) to reach the Internet from Kali. That means that all traffic from the local network to the Internet should be allowed.

Figure 3.1: Main scenario

Table 3.1: Devices configuration

| Device | IP address | Access |
|---|---|---|
| Kali | DHCP Client | |
| WordPress/Kali | DHCP Client | |
| Ethernet Switch | | |
| FortiGate | Port 2 – (192.168.1.1/24) – DHCP Server (192.168.1.10 to 192.168.1.20); Port 3 – DHCP Client; Port 4 – 10.10.10.1/24 | ICMP-HTTP-HTTPS |
| WebTerm | 10.10.10.2/24 | |

Basic Configuration

  1. Configure the ports on the firewall as follows:
    Figure 3.2: Ports configuration in the firewall
  2. Set a DHCP server on interface port2 (IP address range: 192.168.1.10 to 192.168.1.20; DNS: 4.2.2.4).
    Figure 3.3: DHCP Server configuration
  3. Set port3 as a DHCP client and connect to the NAT.
    Figure 3.4: DHCP client configuration
  4. Set a static route in the firewall to reach the NAT object.
    Figure 3.5: Set a static route
  5. Go to Policy & Objects > Firewall Policy section, click Create New to add a new firewall policy, and configure the following settings:
    • Name: LocalToInternet
    • From inside to outside (port2 to port3)
    • Source: Create an address for the local network (Subnet: 192.168.1.0/24)
    • Destination: all
    • Schedule: Always
    • Service: Only HTTP, HTTPS, and DNS
    • Action: Accept
    Figure 3.6: Configure Firewall Policy and enable Source NAT
  6. Open the browser in Kali; you should be able to access the Internet.
    Figure 3.7: Verify your configuration
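
Steps 2, 3 and 5 above expressed as FortiOS CLI, followed by a session check that identifies the source NAT. This is an added example, not from the original book; the address object name LocalNetwork, the DHCP default gateway (port2's own address from Table 3.1) and the client address 192.168.1.10 used in the session filter are assumptions. Step 4's static route is left out because its gateway appears only in Figure 3.5.

```fortios
# Added example: CLI form of steps 2, 3 and 5.
# Step 3: port3 obtains its address from the NAT node via DHCP.
config system interface
    edit "port3"
        set mode dhcp
    next
end
# Step 2: DHCP server on port2 for the local network.
config system dhcp server
    edit 1
        set interface "port2"
        # Assumption: clients use port2 (192.168.1.1/24) as their gateway.
        set default-gateway 192.168.1.1
        set netmask 255.255.255.0
        set dns-service specify
        set dns-server1 4.2.2.4
        config ip-range
            edit 1
                set start-ip 192.168.1.10
                set end-ip 192.168.1.20
            next
        end
    next
end
# Step 5: address object (name is an assumption) and the policy itself.
config firewall address
    edit "LocalNetwork"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "LocalToInternet"
        set srcintf "port2"
        set dstintf "port3"
        set srcaddr "LocalNetwork"
        set dstaddr "all"
        set schedule "always"
        set service "HTTP" "HTTPS" "DNS"
        set action accept
        # Source NAT: outgoing traffic is translated to the port3 address.
        set nat enable
    next
end
# Verification: list sessions from Kali (assumed to hold the first lease).
diagnose sys session filter clear
diagnose sys session filter src 192.168.1.10
diagnose sys session list
```

In the session list output, an entry marked act=snat with the port3 address as the translated source confirms that the policy is applying source NAT.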

License

FortiGate Firewall Copyright © 2023 by Hamid Talebi is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.