
Routed and transparent mode simultaneously

ymadheka
Level 4

Hi Team,

We have a customer who wants to enable routed and transparent mode at the same time on the FTD platform. The use case is to use the firewall in NAT mode for the Internal private IP network and in transparent mode for our Internal Public IP network.

Kindly advise.

3 Replies

Marvin Rhoads
Hall of Fame

You can just not NAT traffic coming from the Internal Public IP network. That's independent of routed vs. transparent mode.

Hi Marvin,

Thanks for the reply.

Here the private network represents the server zone and not any internal users. Based on the discussion with the customer, the use case is that they have two networks behind the firewall: one represents the private network for their server zone, while the other represents the public network of the server zone. The ideology is to not inspect the traffic coming to the public network, since their service functionality is delivered through the NATted part of the private network.

Hence they want to pass through the traffic for the public network and inspect the traffic for the private network.

Sure - you would combine NAT rules (including NAT exemption) with your Access Control (AC) policy.

Just build the AC policy top down like a traditional ACL - first match will govern how the traffic is treated / inspected.
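
The top-down, first-match behaviour described in the last reply, as an added example that is not part of the original thread and not Cisco code: a small Python model of rule ordering that also flags rules made unreachable by an earlier, broader rule. The subnets, rule names and action labels are constructed for illustration and are not FTD configuration syntax.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    dst: str     # destination network in CIDR form
    action: str  # generic labels for this model, not FTD keywords


# Constructed addressing: 203.0.113.0/24 stands in for the internal public
# server network, 10.10.0.0/24 for the private (NATted) server network.
PUBLIC_NET = "203.0.113.0/24"
PRIVATE_NET = "10.10.0.0/24"

# Ordering that matches the stated goal: pass the public network through,
# inspect the private network, block everything else.
INTENDED = [
    Rule("public-servers-passthrough", PUBLIC_NET, "pass-uninspected"),
    Rule("private-servers-inspect", PRIVATE_NET, "inspect"),
    Rule("default", "0.0.0.0/0", "block"),
]

# Same intent, but a broad inspect rule was placed at the top.
MISORDERED = [
    Rule("inspect-everything", "0.0.0.0/0", "inspect"),
    Rule("public-servers-passthrough", PUBLIC_NET, "pass-uninspected"),
    Rule("default", "0.0.0.0/0", "block"),
]


def first_match(policy, dst_ip):
    """Walk the policy top down and return the first rule covering dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in policy:
        if ip in ipaddress.ip_network(rule.dst):
            return rule
    return None


def shadowed_rules(policy):
    """Names of rules that can never match: an earlier rule covers their whole network."""
    shadowed = []
    for i, rule in enumerate(policy):
        net = ipaddress.ip_network(rule.dst)
        if any(net.subnet_of(ipaddress.ip_network(p.dst)) for p in policy[:i]):
            shadowed.append(rule.name)
    return shadowed
```

Running `shadowed_rules` over a rule export before deployment catches the case where the pass-through rule sits below a broader rule and therefore never takes effect.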
