쫑콩아빠의 지금 이 순간...

https://www.gigamon.com/products/optimize-traffic/traffic-intelligence/gigasmart/source-port-labeling.html

Identify each packet's entry point

The Source Port Labeling feature of the GigaSMART® engine provides context to packets and allows tools to properly assess network behavior and threats based on where they are happening in the network. When a packet arrives into the Gigamon® Visibility Platform, it could have come from one of dozens or hundreds of network access points.

Before forwarding the packet to a monitoring or security tool, Source Port Labeling adds a trailer to the packet that identifies on which port the packet arrived. The tool can query the Gigamon Visibility Platform using the Rest API and look up the Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) information associated with the packet’s source port to know exactly where in the network problems or threats reside.

Benefits of the Source Port Labeling feature

• Accurately analyze traffic aggregated from multiple collection points.
• Correlate traffic with CDP/LLDP information on the network.
• Identify incorrect cabling of taps and SPAN ports and verify accuracy of flow maps.

## Dynamic source NAT without changing the source port (one-to-one source NAT)

# Problem


Some protocols or services will only function if they use a specific source port, or a source port that does not change. Normally source NAT changes the source port to allow multiple simultaneous sessions. 

# Solution

You can select the fixed port option to restrict the FortiGate unit to not translate the source port. This results in a one-to-one NAT configuration. One-to-one NAT limits the number of simultaneous sessions that are supported because one variable for tracking sessions (the source port number) is no longer available. To allow more sessions, one-to-one NAT is normally used with multiple external IPs added to an IP pool. 

In this example, you enable one-to-one NAT by enabling the fixed port option in a security policy and adding an IP pool containing three IP addresses: 172.20.120.[13-15]. The fixed port option is enabled from the CLI so this entire example is configured from the CLI.

1 Enter the following command to add the IP pool:

config firewall ippool

edit Dynamic-Source

set startip 172.20.120.13

set endip 172.20.120.15

end

2 Enter the following command to add a security policy that allows users on the private network to access the Internet.

config firewall policy

edit 0

set srcintf internal

set srcaddr all

set dstintf wan1

set dstaddr all

set schedule always

set service ANY

set action accept

set nat enable

set fixedport enable

set ippool enable

set poolname Dynamic-Source

end

If you edit this policy from the web‑based manager, you will notice that the Fixed Port option is visible and is selected.