Merged
Changes from 3 commits
@@ -75,6 +75,28 @@ config system settings
end
```

### Configure NAT-T (optional)

If you have NAT traversal (NAT-T) on your network you need to enable this feature and initiate IKE communications on port `4500`.

To set the IKE port add the following to your system settings:

```txt
config system settings
set ike-port 4500
end
```

To enable NAT-T add `set nattraversal enable` to the IPsec tunnels you are configuring.

```txt
fortigate # config vpn ipsec phase1-interface
edit "<NAME_OF_YOUR_TUNNEL>"
set nattraversal enable
```

Refer to [Fortinet's documentation](https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-NAT-traversal/ta-p/197873) for more details.

### Disable anti-replay protection

For route-based IPsec configurations, you will need to disable anti-replay protection. The command below disables anti-replay protection globally, but you can also do this per firewall policy. Refer to Fortinet's documentation on [anti-replay support per policy](https://community.fortinet.com/t5/FortiGate/Technical-Tip-Anti-Replay-option-support-per-policy/ta-p/191435) to learn more.
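Review bot: The added `config vpn ipsec phase1-interface` block is left open: it stops at `set nattraversal enable` with no `next` / `end`, while the `config system settings` block just above it closes with `end`. FortiOS only saves an edited entry on `next` or `end`, so a reader pasting the block as written stays inside the edit context with the change unsaved. Suggest closing the block with `next` and `end`, and dropping the `fortigate #` prompt from its first line so both added blocks are paste-ready in the same style. Two smaller points in the same hunk: the heading says "(optional)" while the first sentence says "you need to enable this feature", so state the condition once (for example "If there is a NAT device between your FortiGate and the peer, enable NAT-T ..."); and because `set ike-port 4500` goes under `config system settings`, it is worth saying that it is not scoped to the tunnel being configured.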