Double NAT port forwarding with a Fortigate

If you are unfortunate enough to have to deal with double NAT on your gateway, then you might know the troubles surrounding port forwarding or VIPs. Here is a quick how-to guide for setting up a port forward on a Fortigate where double NAT is in place.

Case Study – Plex port forward

Plex is a great tool for managing your personal media collection, and it gets even better when you enable a port forward to let you access this collection from anywhere in the world. Whilst Plex have made a number of changes to allow you to reach your content via a relay server, the best way to access your content from outside your LAN is by using a port forward.

Double NAT means that there is a device running a NAT service in front of your NAT-enabled default gateway – this can make port forwards difficult.

I started by setting the ‘WAN IP’ of my Fortigate to a DMZ IP on the border NAT device – this will prevent any port filtering or firewall restrictions on traffic destined for the Fortigate.

Next when creating your VIP, use the following config:

NOTE: I am currently using WAN2 as the primary WAN connection on my Fortigate.
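
As an added example (not the author's configuration), a VIP and matching policy for this double NAT layout could look like the following in the FortiOS CLI. All addresses, object names and the "internal" interface name are constructed assumptions; TCP 32400 is Plex's default port. The point specific to double NAT is that the VIP's external IP is the Fortigate's own WAN2 address (the DMZ IP on the border device), not the public IP.

```fortios
# Added example. Constructed values:
#   192.168.1.2  = WAN2 address of the Fortigate (DMZ IP on the border NAT device)
#   10.0.0.50    = Plex server on the LAN
#   "internal"   = LAN interface name (assumption)

config firewall vip
    edit "plex-vip"
        # In double NAT the border device has already translated the public IP,
        # so packets arrive addressed to the WAN2 private address.
        set extip 192.168.1.2
        set extintf "wan2"
        set portforward enable
        set protocol tcp
        set extport 32400
        set mappedip "10.0.0.50"
        set mappedport 32400
    next
end

# Limit the policy to the single forwarded port rather than service ALL.
config firewall service custom
    edit "PLEX-32400"
        set tcp-portrange 32400
    next
end

config firewall policy
    edit 0
        set name "wan2-to-plex"
        set srcintf "wan2"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "plex-vip"
        set action accept
        set schedule "always"
        set service "PLEX-32400"
        # Log all sessions so inbound connections to the exposed service are visible.
        set logtraffic all
    next
end
```

Because the border device places the Fortigate in its DMZ, the Fortigate policy is the only filter in front of the LAN, so keep the VIP and service restricted to the one port that is needed.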
