Technical Tip: Fixed port on firewall policy
Products
FortiGate
FortiGate v5.4
FortiGate v5.6
FortiGate v6.0
FortiGate v6.2
FortiGate v6.4
Description
This article explains how to set fixed port on a firewall policy.
A TCP/IP connection is identified by a four-element tuple:
-  source IP,
-  source port,
-  destination IP,
-  destination port.

To establish a TCP/IP connection, only a destination IP and port number are needed; the operating system automatically selects the source IP and port.

Fortinet Documentation
Technical Tip : Routing with IP Pool Address Configuration – https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD31664

Scope
Fixed Port

Some network configurations do not operate correctly if a NAT policy translates the source port of packets used by the connection. NAT translates source ports to keep track of connections for a particular service.
Randomly selects an IP address from the IP pool and assigns it to each connection:

Solution
From the CLI, enable fixedport on a security policy that performs NAT to prevent source port translation.
# config firewall policy
    edit <ID>
        set fixedport enable
    next
end
However, enabling fixedport means that only one connection can be supported through the firewall for this service.
To be able to support multiple connections, add an IP pool, and then select Dynamic IP pool in the Firewall policy.
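The following added example (not Fortinet code and not part of the original article) models why a fixed source port limits the firewall to one connection per service and how an IP pool lifts that limit. It is a simplified model: the class and function names, the addresses, port 500, the 1024-65535 port range and the first-free pool selection are all constructed assumptions.

```python
class SourceNat:
    """Simplified model of source-NAT session tracking (not FortiOS code)."""

    def __init__(self, nat_ips, fixedport):
        self.nat_ips = list(nat_ips)   # one interface IP, or several pool IPs
        self.fixedport = fixedport     # True = keep the client's source port
        self.sessions = {}             # translated 4-tuple -> original 4-tuple

    def translate(self, src_ip, src_port, dst_ip, dst_port):
        """Return the translated (ip, port), or None when every tuple is taken."""
        # With fixedport the only candidate port is the client's own port;
        # otherwise any free port may be used (the range is an assumption).
        ports = [src_port] if self.fixedport else range(1024, 65536)
        for nat_ip in self.nat_ips:
            for port in ports:
                key = (nat_ip, port, dst_ip, dst_port)
                if key not in self.sessions:
                    self.sessions[key] = (src_ip, src_port, dst_ip, dst_port)
                    return nat_ip, port
        return None


def run_scenarios():
    """Three constructed clients use the same source port to the same peer."""
    clients = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]   # constructed
    peer_ip, port = "203.0.113.10", 500                  # constructed
    scenarios = {
        "port translation": SourceNat(["198.51.100.1"], fixedport=False),
        "fixedport, no pool": SourceNat(["198.51.100.1"], fixedport=True),
        "fixedport + IP pool": SourceNat(
            ["198.51.100.1", "198.51.100.2", "198.51.100.3"], fixedport=True),
    }
    return {name: [nat.translate(c, port, peer_ip, port) for c in clients]
            for name, nat in scenarios.items()}


if __name__ == "__main__":
    for name, results in run_scenarios().items():
        print(f"{name:20} {results}")
```

With fixedport and a single NAT address, the second and third clients get no translation because their translated four-element tuple would be identical to the first client's. Each pool address adds one more unique tuple for the same service.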

Last Modified Date: 10-13-2020 Document ID: FD40000