Transparent Natting from OPNsense to Fortigate

Started by cdsane, October 16, 2024, 07:59:58 PM

Hello, I need help with making my IPs transparent through OPNsense to FortiGate.

Use Case
So I have two firewalls on my network: OPNsense as the (user firewall) and FortiGate as the (internet edge firewall). Currently, with this setup, when clients connect from the user firewall and push traffic to the internet through the FortiGate, FortiView only sees the WAN IP of the OPNsense and not the client IP connected from the LAN side of the OPNsense. What we want to achieve is to make the OPNsense side transparent, so that when a client connected from the LAN pushes traffic from the OPNsense LAN through to the FortiGate to reach the internet, we can inspect the traffic in FortiView and see the IP of the client and not the WAN IP of the OPNsense.

Thanks.

Simply disable outbound NAT in OPNsense (Firewall: NAT: Outbound).
On the Fortigate, you will have to create static routes (and possibly NAT rules) for the OPNsense LAN subnets.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
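
The FortiGate side of the reply above (static route plus NAT policy), sketched in FortiOS CLI as an added example that is not part of the original posts. All addresses, interface names and object names are constructed placeholders, and it assumes the OPNsense LAN uses private addresses, so the FortiGate has to perform the source NAT once OPNsense stops doing it.

```fortios
# Constructed example values (assumptions, not from the thread):
#   OPNsense LAN subnet      192.168.10.0/24
#   OPNsense WAN address     10.0.0.2  (transit link to the FortiGate)
#   FortiGate inside port    port2     (faces the OPNsense WAN)
#   FortiGate internet port  port1
#
# On OPNsense, outbound NAT is disabled first under
# Firewall: NAT: Outbound, as described in the reply.

# Return route: without it the FortiGate has no path back to the
# client addresses it now sees as packet sources.
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set gateway 10.0.0.2
        set device "port2"
        set comment "OPNsense LAN via OPNsense WAN"
    next
end

# Address object for the routed client subnet.
config firewall address
    edit "OPNSENSE_LAN"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# Internet policy: matches the real client addresses, logs them,
# and applies source NAT at the edge.
config firewall policy
    edit 0
        set name "OPNsense-LAN-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "OPNSENSE_LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
```

Any existing FortiGate policy whose source address is only the OPNsense WAN IP stops matching client traffic after this change, so review those policies at the same time.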