Can the traffic from the firewall itself be NATted by a NAT policy?

I had a quick play with the home edition in a VM and I see that you can configure NAT policies. (Couldn't do much with it as it isn't in the traffic path at the moment.)


But what I need to know is: is it possible to use a NAT policy to change the source IP of traffic originating from the firewall itself?

The reason I ask is because I'm thinking of buying a hardware appliance, but I want to connect it to a network where the main IP on the WAN interface is actually just an RFC1918 address and as such cannot reach the internet.

That IP exists purely to facilitate communication with the upstream router so a /29 of public IPv4 space can be routed to it, so I'd need to add the /29 as an alias and then NAT to that IP instead of the main IP.


Obviously it should be able to do it for the devices behind the firewall, but it would need to do it for traffic the firewall/UTM itself is sending as well (i.e. when it calls into the cloud, when it's establishing VPNs, etc.).



  • I haven't tried this, so theory only. Set up the modem in bridge mode and create multiple addresses on the external interface; then you would need SNAT/DNAT rules, but in theory they are created automatically when you set up your VPNs.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation
