@OBARRERA you can do NAT on the Meraki between WAN and LAN with no problem, that's one of the use cases for Meraki NAT. The 'public' (i.e. outside) IP address can even be the same as the inside IP address if you just want to get the traffic across the MX without actually changing the IP address. The only check Meraki does is that the 'private' (i.e. inside) IP address actually exists as a VLAN on the MX or is reachable via a route from the MX; it doesn't do any reachability checks for the 'public' IP address, you just need to make sure that the upstream device is routing that IP address to the MX, and the MX just responds for the IP address. Downside of the Meraki NAT is that you can only configure NATs for a single host at a time, so if you want to do a NAT for an entire /24 subnet then you need to create 255 individual NATs - no fun. I'm not entirely sure what your desired outcome is, but if you are stuck with the configuration you've shown you may be able to use the No-NAT feature. This allows you to turn of NAT for each WAN port, and if desired on a per VLAN basis too so that traffic traverses the MX without NAT. You need to get support to switch No-NAT on for you if you think this will work, and at the same time they'll also enable the inbound firewall so that you can configure the rules on the MX to allow inbound traffic too. Be aware that by default when they enable the inbound firewall it is set to allow any to any by default (obviously you can add your own rules to change this), although since you're sitting behind the FortiGate this may not be an issue.
... View more