    How to use a second subnet in Outbound Multi-Link NAT


      If the ISP cannot give you a large enough subnet and instead gives you two smaller subnets, this is not a problem from the NGFW outbound Multi-Link NAT point of view. You just need to make sure that the ISP routes both subnets to the NGFW; you can then use IP addresses from the second subnet in Multi-Link in the same way as IP addresses from the first subnet. There is no need to use the second subnet in the NGFW interface configuration or routing.


      Here's an imaginary example where we got two address ranges (FW CVI, NDI1, NDI2 and ISP router and from ISP_A. Since we want to use two unused IP addresses and from the first subnet in static destination NAT rules, we decide to use IP addresses and from the second subnet in outbound Multi-Link NAT. In order to use IP addresses from the second subnet in Multi-Link NAT, we also need to add the second subnet as a valid network in the properties of the ISP_A netlink:




      So here I added both /29 and /28 networks as Network in ISP_A_netlink properties, but all the routing on Interface 0 is still done via ISP router


      Now we can use this netlink in Multi-Link where we define the NAT pool to include two IPs and




      And finally, we use the Multi-Link element normally in a NAT rule:



      Same rules with IP address details:



      Similarly, you could have used the IPs from the second subnet in the first two destination NAT rules.
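
A pre-change sanity check for the setup described above, as an added Python example that is not part of the original article or of the NGFW product: it confirms that every planned NAT pool address falls inside a network listed on the netlink, and shows which network has no firewall interface address and therefore depends on the ISP routing it to the NGFW. All addresses are constructed documentation-range values, and the function and parameter names are hypothetical.

```python
import ipaddress

def check_netlink_pool(netlink_networks, firewall_ips, nat_pool, static_nat_ips=()):
    """Return (report, problems) for a planned outbound Multi-Link NAT pool.

    All names here are hypothetical; this does not talk to any firewall.
    """
    nets = [ipaddress.ip_network(n) for n in netlink_networks]
    fw = [ipaddress.ip_address(a) for a in firewall_ips]
    static = {ipaddress.ip_address(a) for a in static_nat_ips}

    # A network with a firewall address in it is directly connected; one
    # without is reachable only if the ISP routes it to the firewall.
    report = {
        str(net): "connected" if any(a in net for a in fw) else "routed-only"
        for net in nets
    }

    problems = []
    for raw in nat_pool:
        ip = ipaddress.ip_address(raw)
        if not any(ip in net for net in nets):
            problems.append(f"{ip}: not inside any network listed on the netlink")
        # Assumption of this example: pool and static NAT addresses are kept apart.
        if ip in static:
            problems.append(f"{ip}: also used by a static destination NAT rule")
    return report, problems

# Constructed sample plan (RFC 5737 documentation ranges, not the article's values).
NETLINK_NETWORKS = ["192.0.2.0/29", "198.51.100.0/28"]
FIREWALL_IPS = ["192.0.2.2", "192.0.2.3", "192.0.2.4"]   # CVI, NDI1, NDI2
STATIC_NAT_IPS = ["192.0.2.5", "192.0.2.6"]
NAT_POOL = ["198.51.100.1", "198.51.100.2"]

if __name__ == "__main__":
    report, problems = check_netlink_pool(
        NETLINK_NETWORKS, FIREWALL_IPS, NAT_POOL, STATIC_NAT_IPS)
    for net, kind in report.items():
        print(f"{net}: {kind}")
    for p in problems or ["no problems found"]:
        print(p)
```

A "routed-only" result for the second subnet is the expected outcome here: it is the network to confirm with the ISP before the NAT rule goes live.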