Hello, I need help with making my IPs transparent through OPNsense to FortiGate.
Use Case
So I have two firewalls on my network: OPNsense as the user firewall and FortiGate as the internet edge firewall. Currently, with this setup, when clients connect from the user firewall and push traffic to the internet through the FortiGate, FortiView only sees the WAN IP of the OPNsense and not the client IP connected on the LAN side of the OPNsense. What we want to achieve is to make the OPNsense side transparent, so that when a client connected on the LAN pushes traffic from the OPNsense LAN through the FortiGate to reach the internet, we can inspect the traffic in FortiView and see the IP of the client and not the WAN IP of the OPNsense.
Thanks.
Simply disable outbound NAT in OPNsense (Firewall: NAT: Outbound).
On the FortiGate, you will have to create static routes (and possibly NAT rules) for the OPNsense LAN subnets.
Cheers
Maurice
This worked
Thank you very much
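The FortiGate side of Maurice's answer written out as FortiOS CLI configuration; this is an added example, not part of the original posts. The LAN subnet 192.168.10.0/24, the OPNsense WAN address 10.0.0.2, the interface names port2 and wan1, and the object and policy names are assumed placeholders to replace with your own values.

```fortios
# Added example. All addresses, interface names and object names are placeholders.
# Assumes outbound NAT is already disabled on OPNsense (Firewall: NAT: Outbound),
# so packets reach the FortiGate with the client's own source IP.

# 1. Return route: send traffic for the OPNsense LAN subnet to the OPNsense WAN address.
#    Without it the FortiGate has no path back to the clients.
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set gateway 10.0.0.2
        set device "port2"
        set comment "OPNsense LAN behind user firewall"
    next
end

# 2. Address object for the OPNsense LAN, so the policy matches only that subnet.
config firewall address
    edit "opnsense-lan"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# 3. Internet policy for that subnet. Source NAT now happens once, here at the edge,
#    and traffic logging records the real client IP for FortiView.
config firewall policy
    edit 0
        set name "opnsense-lan-to-internet"
        set srcintf "port2"
        set dstintf "wan1"
        set srcaddr "opnsense-lan"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

Repeat the route and address object for each additional OPNsense LAN subnet, and scope the policy source to those objects rather than "all" so only the expected client ranges are accepted from the OPNsense link.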