ehsan230564
New Member
August 21, 2021
Question

NAT disabled


Dear sir,

Can I get this explained, if possible, for a profile policy with NAT DISABLED?

Actually I want to allow traffic through the WAN interface without translating the source address.

That is, allow traffic through from LAN to WAN and keep the source address as original.

 

Thanks and best regards.


    Toshi_Esumi
    SuperUser
    August 21, 2021

    Sure you can.

    emnoc
    New Member
    August 21, 2021

    Double sure you can; just don't enable NAT on the policy that allows the traffic.

    e.g.

     

    config firewall policy
        edit 1
            set uuid 6109d3c2-b4e4-51eb-548f-7b34dbca756a
            set srcintf "internal"
            set dstintf "wan1"
            set action accept
            set srcaddr "all"
            set dstaddr "all"
            set schedule "always"
            set service "ALL"
            set inspection-mode proxy
            set nat enable
        next
    end

     

    config firewall policy
        edit 1
            set uuid 6109d3c2-b4e4-51eb-548f-7b34dbca756a
            set srcintf "internal"
            set dstintf "wan1"
            set action accept
            set srcaddr "all"
            set dstaddr "all"
            set schedule "always"
            set service "ALL"
            set inspection-mode proxy
            set nat disable
        next
    end

    Ken Felix

     

    ede_pfau
    SuperUser
    August 22, 2021

    Interesting. "Through WAN interface" does not have to mean "to the internet".

    Sending traffic to the inet without SNAT onto the public WAN interface address will prevent the return traffic from finding you (no routing of private address space in the inet).
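
An added example, not part of any post in this thread: a small Python check that parses `config firewall policy` output in the format emnoc posted and lists accept policies that leave through a WAN interface without NAT, the case ede_pfau's reply cautions about. The interface name `wan1` comes from the thread; the policy ids, the `dmz` interface, the function names and the treatment of a missing `set nat` line as disabled are assumptions.

```python
import shlex

# Constructed sample in the format shown in the thread (ids and "dmz" are assumed).
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set dstintf "wan1"
        set action accept
        set nat enable
    next
    edit 2
        set dstintf "wan1"
        set action accept
        set nat disable
    next
    edit 3
        set dstintf "dmz"
        set action accept
    next
end
"""

def parse_policies(text):
    """Map policy id -> {setting: [values]} from a 'config firewall policy' block."""
    policies, current, in_section = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # handles the quoted values, e.g. "wan1"
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_section = True
        elif not in_section or not tokens:
            continue
        elif tokens[0] == "end":
            in_section = False
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) > 1:
            current[tokens[1]] = tokens[2:]
    return policies

def unnatted_wan_policies(text, wan_interfaces=("wan1",)):
    """Ids of accept policies that egress a WAN interface with NAT not enabled."""
    hits = []
    for pid, cfg in parse_policies(text).items():
        to_wan = set(cfg.get("dstintf", [])) & set(wan_interfaces)
        # Assumption: a policy with no 'set nat' line is treated as NAT disabled.
        nat_on = cfg.get("nat", ["disable"]) == ["enable"]
        if to_wan and cfg.get("action") == ["accept"] and not nat_on:
            hits.append(pid)
    return hits
```

Each id returned is a policy to review: the next hop on that interface needs a route back to the untranslated source addresses.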