
Hide NAT issue in a lab environment


I'm currently using a SA R80.10 cloud-based lab environment.

I have the following networks:
- VPN
- Server LAN (one IP is being used by Windows Server which acts as a DC)
- FW External (eth0)
- FW Internal (eth1)
- User LAN (one IP is being used by Windows Server which acts as a client)

1) I have configured a rule to allow the client to send DNS requests to the DC + Hide NAT for both networks.
2) Since both networks are internal networks (Server LAN + User LAN), NAT should not take place at the first phase (when I execute nslookup and the client sends a packet from User LAN to the DC, which is part of Server LAN).
3) Hide NAT should take place only when the DC sends a DNS request to the FW, and the FW realises that it needs to forward it using its external interface. ("o to O inspection point - after routing decision took place").

For now, I have created a manual NAT rule that is located on top to bypass this.
(original source: Client, Original destination DC, translated source: original, translated destination: original)
Without this rule, anti-spoofing drops the traffic (because Xlate Source IP is which is FW EXT eth0)

Assistance would be greatly appreciated! 

I've tried several things... I will mention a few of them:
Under network management > eth1 the network address is 
I clicked modify > override > specific and selected a group that contains Server and User LAN. Set as detected.
eth0 > set as detect. 

The last thing I did was to go to Network topology, set eth1 to /24, add the network group that contains Server + User LAN, and change eth0 s.mask to /32. It didn't work either...

Thank you 🙂 


2 Replies



As per 0.PNG, rule 2 is doing Hide NAT. Can you share the NAT rule base?
