Fortinet FortiGate-100A Operating Instructions

FortiGate-100A Administration Guide
01-28006-0068-20041105
IP pools and dynamic NAT
You can use IP pools for dynamic NAT. For example, your organization might have 
purchased a range of Internet addresses but you might have only one Internet 
connection on the external interface of your FortiGate unit. 
You can assign one of your organization’s Internet IP addresses to the external 
interface of the FortiGate unit. If the FortiGate unit is operating in NAT/Route mode, all 
connections from your network to the Internet appear to come from this IP address.
If you want connections to originate from all your Internet IP addresses, you can add 
this address range to an IP pool for the external interface. Then you can select 
Dynamic IP Pool for all policies with the external interface as the destination. For each 
connection, the firewall dynamically selects an IP address from the IP pool to be the 
source address for the connection. As a result, connections to the Internet appear to 
be originating from any of the IP addresses in the IP pool.
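The following Python model is an added example, not taken from the FortiGate guide. It shows per-connection source address selection from an IP pool and the reverse lookup needed to attribute an externally observed address and port to an internal host. The round-robin order, the port handling, the class and function names, and all addresses are assumptions; the guide does not say how the FortiGate unit chooses an address.

```python
import ipaddress


class IpPoolNat:
    """Model of dynamic source NAT over an IP pool (selection policy is assumed)."""

    def __init__(self, start, end, first_port=1024):
        lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        if hi < lo:
            raise ValueError("pool end is below pool start")
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.first_port = first_port
        self.sessions = {}  # (proto, nat_ip, nat_port) -> original 4-tuple
        self._next = 0

    def translate(self, proto, src, sport, dst, dport):
        """Pick a pool address for a new connection and record the mapping."""
        nat_ip = self.pool[self._next % len(self.pool)]  # assumed: round-robin
        self._next += 1
        nat_port = sport
        for _ in range(65536 - self.first_port):
            if (proto, nat_ip, nat_port) not in self.sessions:
                break
            # Port already in use on this pool address: try the next one.
            nat_port = nat_port + 1 if nat_port < 65535 else self.first_port
        else:
            raise RuntimeError(f"no free port on {nat_ip}")
        self.sessions[(proto, nat_ip, nat_port)] = (src, sport, dst, dport)
        return nat_ip, nat_port

    def attribute(self, proto, nat_ip, nat_port):
        """Map an externally observed address and port back to the internal endpoint."""
        return self.sessions.get((proto, nat_ip, nat_port))


def demo():
    # Constructed sample data: documentation address ranges, not real hosts.
    nat = IpPoolNat("203.0.113.10", "203.0.113.12")
    seen = [nat.translate("tcp", "192.168.1.20", p, "198.51.100.7", 80)
            for p in (40000, 40001, 40002)]
    seen.append(nat.translate("tcp", "192.168.1.30", 40000, "198.51.100.7", 80))
    return nat, seen


if __name__ == "__main__":
    nat, seen = demo()
    for ext in seen:
        print(ext, "<-", nat.attribute("tcp", *ext))
```

In the sample run one internal host appears under three different pool addresses, so tracing an external report back to a host requires the recorded translation for that address, port and time, not the pool address alone.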
Protection profile
Use protection profiles to apply different protection settings for traffic that is controlled 
by firewall policies. You can use protection profiles to:
• Configure antivirus protection for HTTP, FTP, IMAP, POP3, and SMTP policies
• Configure web filtering for HTTP policies
• Configure web category filtering for HTTP policies
• Configure spam filtering for IMAP, POP3, and SMTP policies
• Enable IPS for all services
Using protection profiles, you can customize types and levels of protection for different 
firewall policies.
For example, while traffic between internal and external addresses might need strict 
protection, traffic between trusted internal addresses might need moderate protection. 
You can configure policies for different traffic services to use the same or different 
protection profiles.
Protection profiles can be added to NAT/Route mode and Transparent mode policies.
This section describes: