Hide Internal Network - Interface Specific?
Hey everyone,
So we have a situation with 4 different ISPs on this SD-WAN configuration. The issue is that the main link goes through an F5 box before hitting the internet, and the F5 does NAT. The other ISPs connect directly to our gateway.
The question is: can we make the "HIDE INTERNAL NETWORK" function interface specific somehow, so that if traffic goes out WAN 1 it does not NAT, but if it goes out the other WAN links it does?
The only way I could think of doing this is to leave HIDE INTERNAL NETWORK turned off at the gateway level and create specific NAT rules using specific ZONEs for each ISP.
Any thoughts?
Thanks in advance,
RK
- Labels: NAT
The option you gave is pretty much how I would do it. Otherwise, that setting to hide internal networks is not interface specific, I'm positive of that.
Andy
Here is a good example. I know it's an R82 lab, but it works the same even in R81.xx.
Andy
Do you have Quantum SD-WAN enabled? Or is it a locally managed Spark SD-WAN?
In general, you could just make sure to do double NAT, so the F5 will NAT on the CP interface IP as well.
If you are using Quantum SD-WAN, you can use our 'NAT Per ISP' feature on the Infinity Portal, setting 'Hide behind GW' for each ISP/interface, and on the one where you don't want NAT, set it to 'According to Smart Console', and in Smart Console make sure you don't have NAT for these networks.
