I configured my NGFW Cluster with only a CVI Address on the external Interfaces.
No NDI Addresses.
The configuration is working fine for traffic from internal to external.
But the node-initiated traffic, like checking AV updates, is not working anymore.
Does anybody know how to configure NAT for the node-initiated traffic? I tested some NAT configurations but I can't get it working.
Automatic rules allow the NDI connections in such a way that they are not subject to NAT.
Allow your AV updates, etc., in a template rule before the automatic rule insert point, then create an applicable NAT for them.