McAfee Support Community - Re: Setup without NAT

kvt · ‎09-18-2015

I have one that I have never tried before on the firewall. I have been told to try and set up the firewall without using nat. I had to have the IP address of each system behind the firewall show up on the outside of the firewall. They do not want 1 to 1 mapping or anything else. They want the IPV4 address of each box to show up when they go somewhere. I have never done this before, do anyone know if the system will do this and what is required. I know the internal and the external ports have to be on different subnets. That I can do with subnetting etc.

Anyone have any experience with this. and set it up before.

PhilM · ‎09-19-2015

From what you are describing it sounds as though you need to run the Firewall in transparent mode. The only IP address the firewall will have configured is to allow administration access. Hosts on the trusted and untrusted sides will belong to the same subnet and (access rules permitting) will be visible to each other natively.

Alternatively if the source and destination hosts belong to different subnets, but you want the respective IP addresses to be visible to each other it is a matter of setting the NAT value to "None" in all applicable rules governing traffic to/from these hosts. You must ensure that appropriate routing is in place to ensure the traffic flows correctly.

Hope that helps.

-Phil.