Configure Outbound NAT in FortiGate with CLI

Steps to configure Outbound NAT in FortiGate with CLI

  1. The Ubuntu server is accessing the Internet via, and we would like to change it to
curl -4
  2. Create an address object for the internal server
config firewall address
    edit "wp5"
        set subnet
    next
end
  3. Create an IP pool for the public IP address
config firewall ippool
    edit ""
        set type one-to-one
        set startip
        set endip
        set arp-reply disable
    next
end
  4. Create a firewall policy to translate the outgoing IP to
config firewall policy
    edit 4
        set name "Outbound NAT-"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "wp5"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set ippool enable
        set poolname ""
        set nat enable
    next
end
  5. Move policy 4, created in Step 4, to the top
config firewall policy
    move 4 before 1
end

# Verify the order
get firewall policy
== [ 4 ]
policyid: 4
== [ 1 ]
policyid: 1
== [ 2 ]
policyid: 2
== [ 20 ]
policyid: 20


  6. The Ubuntu server now uses the new IP address for outgoing traffic
curl -4
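
The reordering in step 5 matters because FortiGate evaluates firewall policies top-down and applies the first match. The following check is an added example, not part of the original page: it parses `config firewall policy` text and reports when the IP pool policy is shadowed by an earlier policy or is missing its NAT settings. The `sample` helper, the sample config and the pool name `egress-pool` are constructed placeholders, and the shadowing test is simplified to interfaces and source address.

```python
import shlex

def parse_policies(text):
    """Parse 'config firewall policy' text into an ordered list of dicts."""
    policies, current = [], None
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["edit"]:
            current = {"policyid": int(tok[1])}
        elif tok[:1] == ["set"] and current is not None:
            current[tok[1]] = tok[2:]
        elif tok[:1] == ["next"] and current is not None:
            policies.append(current)
            current = None
    return policies

def check_nat_policy(policies, policy_id):
    """List problems that stop policy `policy_id` from applying its IP pool."""
    ids = [p["policyid"] for p in policies]
    if policy_id not in ids:
        return [f"policy {policy_id} not found"]
    idx = ids.index(policy_id)
    target, problems = policies[idx], []
    for key in ("nat", "ippool"):
        if target.get(key) != ["enable"]:
            problems.append(f"{key} is not enabled")
    if not any(target.get("poolname", [])):
        problems.append("poolname is empty")
    # Top-down, first match wins: an earlier policy on the same interface
    # pair that matches the same source takes the traffic instead.
    for p in policies[:idx]:
        same_path = all(p.get(k) == target.get(k) for k in ("srcintf", "dstintf"))
        src = set(p.get("srcaddr", []))
        if same_path and ("all" in src or src & set(target.get("srcaddr", []))):
            problems.append(f"shadowed by policy {p['policyid']}")
    return problems

# Constructed sample policies; "egress-pool" is a placeholder pool name.
def sample(pid, src, extra=""):
    return (f'edit {pid}\n set srcintf "internal"\n set dstintf "wan1"\n'
            f' set srcaddr "{src}"\n set nat enable\n{extra}next\n')

GENERAL = sample(1, "all")
POOL_NAT = sample(4, "wp5", ' set ippool enable\n set poolname "egress-pool"\n')

if __name__ == "__main__":
    print(check_nat_policy(parse_policies(GENERAL + POOL_NAT), 4))  # before the move
    print(check_nat_policy(parse_policies(POOL_NAT + GENERAL), 4))  # after the move
```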
