Hi,
I'm currently using a SA R80.10 cloud-based lab environment.
I have the following networks:
10.159.253.0/24 - VPN
10.159.11.0/24 - Server LAN (one IP is used by a Windows Server that acts as a DC)
10.159.254.0/24 - FW External (eth0)
10.159.0.0/24 - FW Internal (eth1)
10.159.1.0/24 - User LAN (one IP is used by a Windows Server that acts as a client).
1) I have configured a rule to allow the client to send DNS requests to the DC, plus Hide NAT for both networks.
2) Since both networks are internal networks (Server LAN + User LAN), NAT should not take place in the first phase (when I run nslookup and the client sends a packet from the User LAN to the DC, which is part of the Server LAN).
3) Hide NAT should take place only when the DC sends a DNS request to the FW and the FW realises that it needs to forward it through its external interface ("o to O inspection point - after the routing decision has taken place").
For now, I have created a manual NAT rule located at the top to bypass this.
(Original source: Client, Original destination: DC, Translated source: Original, Translated destination: Original)
Without this rule, anti-spoofing drops the traffic (because the Xlate Source IP is 10.178.254.254, which is the FW EXT eth0).
Assistance would be greatly appreciated!
I've tried several things... I will mention a few of them:
Under Network Management > eth1, the network address is 10.178.0.254/24.
I clicked Modify > Override > Specific and selected a group that contains the Server and User LANs. Set as detected.
eth0 > set as detected.
The last thing I did was to go to Network Topology, set eth1 to /24 and add the network group that contains the Server + User LANs, and change the eth0 subnet mask to /32. It didn't work either...
Thank you 🙂
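The following is an added illustration, not code from the post or from Check Point: a deliberately simplified model of a top-down, first-match NAT rulebase combined with a topology-based anti-spoofing check, using the network list from the post. It shows why the client-to-DC packet gets the external address as its Xlate Source when only the automatic Hide rules exist, why the manual "Original/Original" rule fixes it only when it sits above the Hide rules, and that Hide NAT still applies to traffic routed out of eth0. The firewall's interface addresses, the client and DC host addresses, the external resolver address and the "hide behind external address" assumption are all constructed for the example; the anti-spoofing logic is a simplification of the real inspection and does not reproduce the INSPECT pipeline.

```python
# Simplified first-match NAT rulebase + anti-spoofing model for the lab described above.
# Added illustration, not Check Point code: it models only the rule-ordering effect.
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address

# Constructed addressing, following the network list in the post. The firewall's own
# interface address and the two hosts are assumptions for this example.
SERVER_LAN = ipaddress.ip_network("10.159.11.0/24")
USER_LAN = ipaddress.ip_network("10.159.1.0/24")
FW_INTERNAL = ipaddress.ip_network("10.159.0.0/24")
FW_EXT_ADDR = ipaddress.ip_address("10.159.254.254")   # eth0 address, assumed
CLIENT = ipaddress.ip_address("10.159.1.10")            # assumed host in the User LAN
DC = ipaddress.ip_address("10.159.11.10")               # assumed host in the Server LAN
ANY = ipaddress.ip_network("0.0.0.0/0")

# Topology: eth1 is "internal, specific" with a group of the three inside networks;
# eth0 is external, i.e. everything that is not behind eth1.
TOPOLOGY = {"eth1": [FW_INTERNAL, SERVER_LAN, USER_LAN]}


@dataclass
class NatRule:
    name: str
    orig_src: IPNet
    orig_dst: IPNet
    hide_behind: Optional[IPAddr]   # None means "Translated source: Original"


def route(dst: IPAddr) -> str:
    """Routing decision: anything inside eth1's topology leaves via eth1, else via eth0."""
    return "eth1" if any(dst in n for n in TOPOLOGY["eth1"]) else "eth0"


def apply_nat(src: IPAddr, dst: IPAddr, rules: list[NatRule]) -> tuple[IPAddr, str]:
    """First matching rule wins, as in a top-down rulebase."""
    for rule in rules:
        if src in rule.orig_src and dst in rule.orig_dst:
            return (rule.hide_behind or src), rule.name
    return src, "no-match"


def anti_spoofing_ok(interface: str, xlate_src: IPAddr) -> bool:
    """Simplified check: on the internal interface the (translated) source must belong
    to that interface's topology; eth0 accepts any source that is not internal."""
    internal = any(xlate_src in n for n in TOPOLOGY["eth1"])
    return internal if interface == "eth1" else not internal


def forward(src: IPAddr, dst: IPAddr, rules: list[NatRule]) -> dict:
    egress = route(dst)
    xlate_src, matched = apply_nat(src, dst, rules)
    return {"egress": egress, "xlate_src": str(xlate_src), "rule": matched,
            "accepted": anti_spoofing_ok(egress, xlate_src)}


# Automatic Hide NAT for both internal networks. The post reports the external address
# as the Xlate Source, so the rules are modelled as hiding behind that address.
HIDE_RULES = [
    NatRule("hide User LAN", USER_LAN, ANY, FW_EXT_ADDR),
    NatRule("hide Server LAN", SERVER_LAN, ANY, FW_EXT_ADDR),
]
# The manual rule from the post: client -> DC, translated source/destination: Original.
NO_NAT_CLIENT_DC = NatRule("no-NAT client->DC", ipaddress.ip_network(f"{CLIENT}/32"),
                           ipaddress.ip_network(f"{DC}/32"), None)


def scenario_hide_only() -> dict:
    return forward(CLIENT, DC, HIDE_RULES)


def scenario_no_nat_on_top() -> dict:
    return forward(CLIENT, DC, [NO_NAT_CLIENT_DC] + HIDE_RULES)


def scenario_no_nat_below() -> dict:
    return forward(CLIENT, DC, HIDE_RULES + [NO_NAT_CLIENT_DC])


def scenario_client_to_internet() -> dict:
    # 203.0.113.53 is a documentation-range address standing in for an external resolver.
    return forward(CLIENT, ipaddress.ip_address("203.0.113.53"),
                   [NO_NAT_CLIENT_DC] + HIDE_RULES)


if __name__ == "__main__":
    for label, fn in [("hide only", scenario_hide_only),
                      ("no-NAT rule on top", scenario_no_nat_on_top),
                      ("no-NAT rule below hide", scenario_no_nat_below),
                      ("client -> internet", scenario_client_to_internet)]:
        print(f"{label:24} {fn()}")
```

Running it shows the same symptom the post describes: with only the Hide rules, the client-to-DC packet leaves via eth1 carrying the external address as its source and fails the topology check, while placing the Original/Original rule at the top leaves the source untouched and the packet is accepted; the same manual rule placed below the Hide rules has no effect, because the first match wins.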