Access from External Network without NAT
Access from LAN to External Network without NAT
If necessary (as a rule, when SafeUTM is located inside a LAN, and not on the border with the Internet), it is possible to organize direct access to some resources of networks external to SafeUTM without using NAT.
For example, let's analyze the firewall configuration for non-NAT access to IP address: 10.0.0.1 (in general, it can also be a network or a range of IP addresses).
- Turn off the parameter Automatic local SNAT in Traffic Rules -> Firewall.
- In the firewall, in the SNAT table, create a rule with the action Don't use SNAT for this destination IP address.
- With the next rule, create SNAT rules for your local network (so that other hosts work via NAT).
The final firewall rules look like this:
On LAN devices, SafeUTM must be used as the main gateway, or the necessary route to external IP addresses through SafeUTM must be prescribed. Also, LAN devices must be authorized on UTM. On devices from an external network (in relation to SafeUTM), SafeUTM must also be used as the main gateway, or there must be a route to the local network via SafeUTM.