Firewall
IP Pools for firewall policies that use fixed ports
FortiGate-100A Administration Guide
01-28007-0068-20041203
221
5
Select OK.
To delete an IP pool
1
Go to
Firewall > IP Pool
.
2
Select the Delete icon beside the IP pool you want to delete.
3
Select OK.
To edit a IP pool
1
Go to
Firewall > IP Pool
.
2
For the IP pool that you want to edit, select Edit beside it.
3
Modify the IP pool as required.
4
Select OK to save the changes.
IP Pools for firewall policies that use fixed ports
Some network configurations do not operate correctly if a NAT policy translates the
source port of packets used by the connection. NAT translates source ports to keep
track of connections for a particular service. You can select fixed port for NAT policies
to prevent source port translation. However, selecting fixed port means that only one
connection can be supported through the firewall for this service. To be able to
support multiple connections, you can add an IP pool to the destination interface, and
then select dynamic IP pool in the policy. The firewall randomly selects an IP address
from the IP pool and assigns it to each connection. In this case the number of
connections that the firewall can support is limited by the number of IP addresses in
the IP pool.
IP pools and dynamic NAT
You can use IP pools for dynamic NAT. For example, your organization might have
purchased a range of Internet addresses but you might have only one Internet
connection on the external interface of your FortiGate unit.
You can assign one of your organization’s Internet IP addresses to the external
interface of the FortiGate unit. If the FortiGate unit is operating in NAT/Route mode, all
connections from your network to the Internet appear to come from this IP address.
If you want connections to originate from all your Internet IP addresses, you can add
this address range to an IP pool for the external interface. Then you can select
Dynamic IP Pool for all policies with the external interface as the destination. For each
connection, the firewall dynamically selects an IP address from the IP pool to be the
source address for the connection. As a result, connections to the Internet appear to
be originating from any of the IP addresses in the IP pool.
Summary of Contents for FortiGate 100A
Page 12: ...Contents 12 01 28007 0068 20041203 Fortinet Inc ...
Page 24: ...24 01 28007 0068 20041203 Fortinet Inc FortiLog documentation Introduction ...
Page 72: ...72 01 28007 0068 20041203 Fortinet Inc Transparent mode VLAN settings System network ...
Page 80: ...80 01 28007 0068 20041203 Fortinet Inc DHCP IP MAC binding settings System DHCP ...
Page 114: ...114 01 28007 0068 20041203 Fortinet Inc Access profile options System administration ...
Page 232: ...232 01 28007 0068 20041203 Fortinet Inc Profile CLI configuration Firewall ...
Page 244: ...244 01 28007 0068 20041203 Fortinet Inc peergrp Users and authentication ...
Page 276: ...276 01 28007 0068 20041203 Fortinet Inc ipsec vip VPN ...
Page 338: ...338 01 28007 0068 20041203 Fortinet Inc Configuring the banned word list Spam filter ...
Page 356: ...356 01 28007 0068 20041203 Fortinet Inc syslogd setting Log Report ...
Page 374: ...374 01 28007 0068 20041203 Fortinet Inc Index ...