Which NAT mode does FortiGate use by default?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

FortiGate uses Source NAT by default, which is designed to translate the source IP address of traffic passing through the firewall. This is commonly done to enable devices on a private network to communicate with external networks while hiding their original IP addresses. When Source NAT is applied, the FortiGate device replaces the private source IP address with a public IP address from its pool of available addresses before sending the traffic out to the internet.

This default behavior helps ensure that internal hosts can reach external resources without exposing their internal IP addresses, allowing for both security and ease of management. Additionally, Source NAT is vital for enabling multi-user environments where multiple devices share a single public IP address, which is typical in many network configurations.

In contrast, Destination NAT, Static NAT, and Dynamic NAT serve different purposes. Destination NAT is used to translate the destination IP address for incoming traffic, while Static NAT involves a one-to-one mapping of private to public IPs. Dynamic NAT allows the use of a pool of public IP addresses for outgoing connections, but is not the default setting. Understanding these differences clarifies why Source NAT is the fundamental setting upon which FortiGate configurations are built.
