1:1 NAT considerations

Note

Applies to 1:1 NAT with public, static IP addresses; does not apply to 1:1 NAT with public, dynamic IP addresses.

Configure the management address setting on a FortiManager that is behind a NAT device so the FortiGate can use IP port 541 to initiate an FGFM tunnel to the FortiManager.

When a FortiGate is discovered by a FortiManager that is behind a NAT device, the FortiManager does NOT automatically set the IP address on the FortiGate. This prevents the FortiGate from pointing to the FortiManager's private IP address and initiating the FortiGate-FortiManager (FGFM) tunnel to the FortiManager.

By configuring the management address setting in the CLI, FortiManager knows the public IP and can configure it on the FortiGate.

You can use the CLI to configure the management address when the NAT device in front of the FortiManager has a static 1:1 NAT rule.

To configure the management address with the CLI:

    config system admin setting
        set mgmt-addr "x.x.x.x"
    end
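The following is an added example, not part of the Fortinet documentation: a small audit that reads a saved FortiManager configuration and checks that `mgmt-addr` is set, is not an RFC 1918 private address, and matches the public IP of the static 1:1 NAT rule. The function names, the sample configurations and the assumption that the configuration text contains the block in the form shown above are illustrative.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a FortiGate on the far side of the NAT cannot reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def extract_mgmt_addr(config_text):
    """Return the mgmt-addr value from 'config system admin setting', or None."""
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin setting":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block:
            m = re.fullmatch(r'set mgmt-addr\s+"?([^"\s]+)"?', line)
            if m:
                return m.group(1)
    return None


def audit_mgmt_addr(config_text, nat_public_ip):
    """Classify the configured management address against the NAT rule's public IP."""
    value = extract_mgmt_addr(config_text)
    if value is None:
        return "missing"      # FortiManager cannot push a public IP to the FortiGate
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "not-an-ip"    # value is not an IP literal; review it by hand
    if any(addr in net for net in RFC1918):
        return "private"      # FortiGate would point at an unreachable address
    if addr != ipaddress.ip_address(nat_public_ip):
        return "mismatch"     # public, but not the address the NAT rule maps
    return "ok"


# Constructed sample configurations (documentation and RFC 1918 addresses).
GOOD = 'config system admin setting\n    set mgmt-addr "203.0.113.10"\nend\n'
PRIVATE = 'config system admin setting\n    set mgmt-addr "192.168.1.99"\nend\n'
UNSET = 'config system admin setting\nend\n'

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("PRIVATE", PRIVATE), ("UNSET", UNSET)):
        print(name, audit_mgmt_addr(cfg, "203.0.113.10"))
```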
