Wan with Public IP in transport network

Alex_91
Alex_91 Posts: 25  Freshman Member
First Comment Friend Collector Sixth Anniversary
edited April 2021 in Security
Good Morning,
I find myself in a particular situation.
I need to connect a firewall in a network where I am given a public IP in a LAN.
Perhaps easier to understand could be the attachment.

I managed to mask MY LAN1 network to use the public IP address (in routing -> add -> From Lan1, Source Sub_Lan1 | NEXT-HOP Interface Wan1
however, the traffic coming from the firewall (ZyWALL) itself is not masked correctly and does not come out with the correct public IP. How can I get the traffic out of the ZYWALL Firewall as well?

Thanks for the support

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,229  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hi @Alex_91

    In your scenario, if you would like to do SNAT you can enable it on your Policy Route.

    STEP1. Add an IP address object for public IP.



    STEP2.Enable SNAT on your Policy Route.



    Share your feedback through our survey, make your voice heard, and win a WiFi 7 AP! https://bit.ly/2024_Survey_Community

  • Alex_91
    Alex_91 Posts: 25  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    Hi Jeff,
    thank you for the help.

    I have already created this rule, as regards the traffic coming from LAN1 everything works correctly.

    The system engineer, however, tells me that the traffic coming from the firewall (I imagine to send notifications for SecureReport, to perform updates, ...) are not forwarded correctly. ( Only traffic from the firewall, and in Policy Route this option from ZyWALL to SNAT is disabled ).

  • dpipro
    dpipro Posts: 69  ZCNE Certified
    First Comment Friend Collector Fifth Anniversary ZCNE Switch Level 1 Certification - 2020
    Hi @Alex_91

    you can do it by SSH 


    Best regards
  • Alex_91
    Alex_91 Posts: 25  Freshman Member
    First Comment Friend Collector Sixth Anniversary
    It seems the rule is present with that command.

    Thank you so much!!

Security Highlight