LAB Configuring FortiGate in NAT-Route Mode

LAB Configuring FortiGate in NAT-Route Mode

Posted on Jan 13, 2020 (0)

LAB Configuring FortiGate in NAT-Route Mode

In the mode you will learn when a Fortigate is installed between LAN and Internet/WAN then how user inside LAN access the WAN network or internet network. In this Mode Fortigate hide the private IP address of the users and provides the access to network.


  • Configure Interface as Internal as IP
  • Configure Interface as External as IP
  • Configure PC with IP
  • Add default route pointing towards
  • Create a policy to allow from Internal Interface to External Interface with Source All and Destination All and enable NAT Section.
  • Also Enable Logging Section.


Step1: Configuring the FortiGate’s interfaces

Go to Network > Interfaces and edit the Internet-facing interface (in the example, External). If the fortunate is connected directly select Manual and provide the IP address provided by ISP.

Edit the LAN interface (called internal on some FortiGate models). Make sure the interface's Role is set to LAN.

Step2: Adding a default route

Go to Network > Static Routes and create a new route and add default route pointing to ISP.

Step 3: Creating a policy to allow traffic from the internal network to the Internet

Go to Policy & Objects > IPv4 Policy and create a new policy

Provide all input as described in below figure and also turn on NAT and make sure Use Outgoing Interface Address is selected.

Scroll down to view the Logging Options. In order to view the results later, enable Log Allowed Traffic and select All Sessions.

Now once you browse internet or ping from your machine , you will get logs as per below figure.


    You are will be the first.


Please login here to comment.