Chapter 3. NAT
3.1 Source NAT
Learning Objectives
- Configure a NAT policy in FortiGate
- Identify source NAT
Scenario: We are going to enable Source NAT (SNAT) to reach the Internet from Kali. That means that all traffic from the local network to the Internet should be allowed.
Source NAT
Device | IP address | Access |
---|---|---|
Kali | DHCP Client | – |
WordPress/Kali | DHCP Client | – |
Ethernet Switch | – | – |
FortiGate | Port 2 – 192.168.1.1/24, DHCP Server (192.168.1.10 to 192.168.1.20); Port 3 – DHCP Client; Port 4 – 10.10.10.1/24 | ICMP-HTTP-HTTPS |
WebTerm | 10.10.10.2/24 | – |
Basic Configuration
- Configure the firewall ports as follows:
  - Set a DHCP server on interface port2 (the IP address range should be 192.168.1.10 to 192.168.1.20, DNS: 4.2.2.4).
  - Set port3 as a DHCP client and connect it to the NAT.
  - Set a static route in the firewall to reach the NAT object.
- Go to the Policy & Objects > Firewall Policy section, click Create New to add a new firewall policy, and configure the following settings:
  - Name: LocalToInternet
  - From inside to outside (port2 to port3)
  - Source: Create an address for the local network (Subnet: 192.168.1.0/24)
  - Destination: all
  - Schedule: Always
  - Service: Only HTTP, HTTPS, and DNS
  - Action: Accept
- Open the browser in Kali; you should be able to access the Internet.