I am currently having some issues with TCP ports being reused too often (under 2 minutes) for a source NAT, and I was wondering what algorithm is used to select the IP and port for a SNAT.
Here is some context: I have an entire network (10.0.0.0/8, tons of users) accessing the internet through one firewall (it happens to be a Fortigate).
We have a public address pool (let's say 1.2.3.0/27) to NAT all these clients' IP addresses.
How will my router/firewall decide what IP address to NAT to and what source port to use?
Is this vendor specific? Do you know of any implementation that you could explain to me?
I hope my questions are clear :)
Regards,
Pierre