Wan with Public IP in transport network

Options
Alex_91
Alex_91 Posts: 14  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Security
Good Morning,
I find myself in a particular situation.
I need to connect a firewall in a network where I am given a public IP in a LAN.
Perhaps easier to understand could be the attachment.

I managed to mask MY LAN1 network to use the public IP address (in routing -> add -> From Lan1, Source Sub_Lan1 | NEXT-HOP Interface Wan1
however, the traffic coming from the firewall (ZyWALL) itself is not masked correctly and does not come out with the correct public IP. How can I get the traffic out of the ZYWALL Firewall as well?

Thanks for the support

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,104  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Alex_91

    In your scenario, if you would like to do SNAT you can enable it on your Policy Route.

    STEP1. Add an IP address object for public IP.



    STEP2.Enable SNAT on your Policy Route.


  • Alex_91
    Alex_91 Posts: 14  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    Hi Jeff,
    thank you for the help.

    I have already created this rule, as regards the traffic coming from LAN1 everything works correctly.

    The system engineer, however, tells me that the traffic coming from the firewall (I imagine to send notifications for SecureReport, to perform updates, ...) are not forwarded correctly. ( Only traffic from the firewall, and in Policy Route this option from ZyWALL to SNAT is disabled ).

  • dpipro
    dpipro Posts: 64  ZCNE Certified
    First Anniversary ZCNE Switch Level 1 Certification - 2020 ZCNE Nebula Level 1 Certification - 2020 ZCNE Security Level 1 Certification - 2019
    Options
    Hi @Alex_91

    you can do it by SSH 


    Best regards
  • Alex_91
    Alex_91 Posts: 14  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    It seems the rule is present with that command.

    Thank you so much!!

Security Highlight