Working with sNAT

This topic provides a sample configuration for sNAT on a vFSA appliance. With this configuration, a private node that is routed behind the gateway can communicate with the outside world.

# sNAT configuration example

#enable central-nat
config system settings
    set central-nat enable
end

#set up sNAT
config firewall central-snat-map
    edit 1
        set srcintf "VLAN_1"
        set dstintf "agg1"
        set orig-addr "all"
        set dst-addr "all"
    next
end

#set up firewall to specify allowed service
config firewall policy
    edit 10
        set srcintf "VLAN_1"
        set dstintf "agg1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "PING" "HTTPS"
    next
end

To configure NAT for the IBM Cloud® Virtual FortiGate Security Appliance, refer to this configuration guide on the Fortinet website.