Source Hide NAT is performed even though a no-NAT rule is configured

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk117612
Technical Level
Product	Security Management, SmartConsole / SmartDashboard, Security Gateway
Version	R80, R80.10
OS	Gaia
Platform / Model	All
Date Created	26-May-2017
Last Modified	20-Jul-2020

Symptoms

Traffic captures (fw monitor) show that the source IP address is translated to one of the Physical IPs of the Security Gateway even if there is a no-NAT rule configured.
Traffic arrives to next-hop with the NATed IP address.
Changing the NAT method of the "Original Packet" rule to "Static-NAT" instead of "Hide-NAT" resolves the issue.

Cause

By design, the Security Gateway default value of no-NAT rule should be Static-NAT.

However, in R80 and R80.10 Security Management Server, users can change the NAT method of "Original packet" to hide-NAT, which can cause the Security Gateway to perform NAT on the Source-IP configured in this particular rule even if there is a no-NAT rule configured.

Solution

Note: To view this solution you need to Sign In .