

Lesson 5/25 | Study Time: 60 Min
Security Policy and NAT for Inside

Objective:

Allow Inside users to browse the internet by creating a firewall security policy from the Inside zone to the Untrust zone and enabling source NAT (IP masquerading) on it.

Step 1: Create Security Policy (Inside to Untrust)

From the GUI:

1. Go to Policy & Objects > Firewall Policy

2. Click Create New

● Name: Inside-to-Untrust

● Incoming Interface: port2 (Inside-Zone)

● Outgoing Interface: port1 (Untrust-Zone)

● Source: all (or create an address object for Inside subnet: 192.168.1.0/24)

● Destination: all

● Schedule: always

● Service: ALL

● Action: ACCEPT

● NAT: Enable

3. Under NAT, select Use Outgoing Interface Address (traffic leaves with the firewall's port1 address as its source)

4. Click OK

From the CLI:

config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

Step 2: Verification

1. Test internet access from the Inside PC:

Open a browser and try http://www.uninets.com

2. From the command prompt, run:

ping 8.8.8.8

nslookup google.com

3. You should receive replies. If not:

● Double-check the policy's source/destination interfaces.

● Make sure NAT is enabled.

● Ensure the PC is using 192.168.1.1 as its default gateway.

4. Optional Logging:

From the GUI, in the policy settings, enable:

Log Allowed Traffic → All Sessions

Generate traffic from the Inside PC and check the logs.

Go to Log & Report > Forward Traffic to monitor traffic flow.
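To turn the troubleshooting checklist in Step 2 into a repeatable check, here is an added Python example (not part of the lesson and not a Fortinet tool) that parses the Step 1 CLI block and reports the checklist items for the outbound policy; the interface names port2/port1 and the 192.168.1.0/24 subnet come from the lesson, the finding messages are my own.

```python
import re
# Constructed copy of the lesson's CLI policy, used as sample input.
POLICY_CLI = """config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
"""

def parse_firewall_policies(cli_text):
    """Parse 'config firewall policy' text into {policy_id: {setting: value}}."""
    policies, current = {}, None
    for raw in cli_text.splitlines():
        line = raw.strip()
        m = re.match(r"edit (\d+)$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
            continue
        if line == "next":
            current = None
            continue
        m = re.match(r"set (\S+) (.+)$", line)
        if m and current is not None:
            # strip quotes; a setting with several values (e.g. two addresses) becomes a list
            values = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', m.group(2))]
            current[m.group(1)] = values if len(values) > 1 else values[0]
    return policies

def check_inside_to_untrust(policy, inside="port2", untrust="port1"):
    """Return the lesson's troubleshooting findings for one outbound policy."""
    findings = []
    if policy.get("srcintf") != inside or policy.get("dstintf") != untrust:
        findings.append("wrong interfaces: expected %s -> %s" % (inside, untrust))
    if policy.get("nat") != "enable":
        findings.append("NAT disabled: Inside hosts will not be masqueraded behind port1")
    if policy.get("srcaddr") == "all":
        findings.append("srcaddr is 'all': prefer an address object for 192.168.1.0/24")
    return findings

if __name__ == "__main__":
    for pid, pol in parse_firewall_policies(POLICY_CLI).items():
        print(pid, pol.get("name"), check_inside_to_untrust(pol) or "OK")
```

Paste the output of `show firewall policy` from your own FortiGate in place of POLICY_CLI to check every policy at once.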