
Multiple WAN aliases for outbound traffic

Hi,

what would be the proper way to configure different WAN ALIASES for outbound traffic, for example in this manner:

  • LAN users would use WAN Alias 1 for browsing and accessing web
  • LAN2 users would use WAN Alias 2
  • FreeWiFi users would use WAN Alias 3

I have WAN configured as IP 1.1.1.218/28 (with gateway 1.1.1.217).
Then I configured WAN ALIASES as 1.1.1.219/32, 1.1.1.220/32, 1.1.1.221/32 and 1.1.1.222/32
Then I created Hosts objects for each alias.

Now here's my dilemma: Do I need to configure multiple MASQ NAT rules for each outbound traffic?
For example, I would create MASQ NAT rule, with ORIGINAL SOURCE=LAN, OUTBOUND INTERFACE=WAN Port2, and Override SNAT=Translated source to WAN ALIAS.
But what about #NAT_Default_Network_Policy default MASQ rule? Should I place mine below or above this one?


Or is there some better/proper way to do outbound routing?



  • Hi Andrej,

    You will need to create separate firewall rules for each of your desired traffic. For example, LAN1 with a user of 172.16.16.20 will Masq its Source to 1.1.1.1 when accessing the internet

    - Populate the necessary information then click "Create linked NAT rule"

    - Then configure the NAT rule "Override source translation..." to the desired Alias

    Afterward, it should use the Alias address, provided that you do have control over this IP.

    Hope this helps

  • Hi Adam,

    thank you for explanation and screenshots.

    Was it then my mistake, since I was only creating NAT MASQ rules, without linked FW rule? Do they need to be in pairs, MASQ and linked FW rule?

    BTW...in your example FW rule, did you leave Source and Destination zones empty for a reason?

  • Linking the NAT ensures that the specific traffic will be NATed accordingly. So, in your case, you’ll need to specify which source network you would like to configure the NAT.

    In the screenshot, when I created the rule and tried to share it with you, it did not show the "Create Linked Nat rule" but kindly check this screenshot for reference.
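An added example, not part of the original thread and not Sophos code: a small Python model for auditing the rule order asked about above, showing which per-network SNAT rules are shadowed when the catch-all `#NAT_Default_Network_Policy` sits above them. It assumes NAT rules are evaluated top-down with the first match winning and matches on source network only. The LAN subnets and the `SNAT_*` rule names are constructed placeholders.

```python
import ipaddress

# WAN interface address from the thread; MASQ is modelled as translating to it.
WAN = ipaddress.ip_interface("1.1.1.218/28")

# (rule name, original source network, translated source)
DEFAULT = ("#NAT_Default_Network_Policy", "0.0.0.0/0", "MASQ")
SPECIFIC = [  # constructed subnets and hypothetical rule names
    ("SNAT_LAN", "172.16.16.0/24", "1.1.1.219"),
    ("SNAT_LAN2", "172.16.17.0/24", "1.1.1.220"),
    ("SNAT_FreeWiFi", "172.16.18.0/24", "1.1.1.221"),
]

def translate(rules, src_ip):
    """Return (rule name, translated source) for the first rule matching src_ip."""
    src = ipaddress.ip_address(src_ip)
    for name, net, snat in rules:
        if src in ipaddress.ip_network(net):
            return name, (str(WAN.ip) if snat == "MASQ" else snat)
    return None, None

def shadowed(rules):
    """Rules that can never match because an earlier rule covers their source."""
    hidden = []
    for i, (name, net, _) in enumerate(rules):
        this = ipaddress.ip_network(net)
        earlier = (ipaddress.ip_network(n) for _, n, _ in rules[:i])
        if any(this.subnet_of(e) for e in earlier):
            hidden.append(name)
    return hidden

def aliases_outside_wan(rules):
    """Translated sources that do not fall inside the WAN interface's subnet."""
    return [snat for _, _, snat in rules
            if snat != "MASQ" and ipaddress.ip_address(snat) not in WAN.network]

specific_first = SPECIFIC + [DEFAULT]   # per-network rules above the default
default_first = [DEFAULT] + SPECIFIC    # default MASQ rule on top

if __name__ == "__main__":
    for label, rules in (("specific first", specific_first),
                         ("default first", default_first)):
        print(label, translate(rules, "172.16.16.20"), "shadowed:", shadowed(rules))
    print("aliases outside WAN subnet:", aliases_outside_wan(specific_first))
```
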