
System Traffic NAT

Dear community 

I would like to ask a question regarding system-generated traffic. We have found this article in order to SNAT the system-generated traffic:

https://support.sophos.com/support/s/article/KB-000035607?language=en_US

We have run:

set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip publicIP

in order to SNAT system-generated traffic, since our firewalls are behind routers which do not perform any NAT and have a point-to-point connection to them via private IP address. This created an issue while creating our cluster, as all traffic originating from this firewall was NATted. After removing the SNAT and rebooting the appliance we were able to form our cluster, but now we need to perform the system traffic NAT again in order for the firewalls themselves to reach the internet. All the other networks have internet access since we do SNAT for all the networks on the firewalls.

The question is: if we define an interface in the above command, like:

set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 interface WAN snatip publicIP

will it only SNAT system traffic leaving the WAN interface and not the cluster traffic?

Antonis C


