
Management behind NAT

Question asked by Andrey Korobko on Oct 5, 2017
Latest reply on Oct 5, 2017 by Danny Jung

Good day.
Help me to solve the following problem:
1. We have a dedicated management server (M) with a local IP address (10.1.0.100)
2. In the local network, there are several firewalls A and B (HW 5000) (10.1.1.200 and 10.2.1.200)
3. Outside the local network, we have branches in which the firewalls C, D, E (HW 1400), etc. are located (1.1.1.1, 2.2.2.2, 3.3.3.3).

During the configuration of this topology, a problem arose with adding the branch firewalls (C, D, E) to the management server.

In order for the branch firewalls to see the management server from the outside (internet) and be able to interact with it, an automatic static rule was made (ext IP 5.5.5.5) and the function "Apply for SG control connections" is enabled.

In this configuration, the branch firewalls work fine, but the local firewalls do not interact with the management server, since they attempt to establish a connection with the management server (M) at the external address configured with the static NAT.

What should I do in this situation?

 
