Hi All,
All traffic from the trust zone to the internet is set to source-nat "interface", thus it gets NATted to the public IP. I want to disable this common NATting for all traffic types and have custom static NAT rules for specific user subnets, but at the same time retain the source-nat interface for other traffic types. I intend to do this by putting in the below commands:
set rule NAT-OFF match source-address 10.X.20.0/22
set rule NAT-OFF match destination-address 0.0.0.0/0
set rule NAT-OFF then source-nat off
(This should turn off the source-interface NAT.)
and put in the below commands for each user subnet residing on different sites:
set security nat static rule-set Libpublicip from zone trust to zone untrust
set security nat static rule-set Libpublicip rule Libpublicip match source-address 10.X.20.0/24
set security nat static rule-set Libpublicip rule Libpublicip then static-nat prefix <public ip>
set proxy-arp interface ge-0/0/15.0 address <public ip>
Then I assume that static-nat will continue to work as configured irrespective of the source-nat being turned off as above?
Please guide.