
Access from External Network without NAT


Access from LAN to External Network without NAT

If necessary (typically when SafeUTM sits inside a LAN rather than on the border with the Internet), you can give hosts direct access to selected resources in networks external to SafeUTM without using NAT.

As an example, consider the firewall configuration for non-NAT access to the IP address 10.0.0.1 (more generally, the destination can also be a network or a range of IP addresses).

  1. Turn off the parameter Automatic local SNAT in Traffic Rules -> Firewall.
  2. In the firewall, in the SNAT table, create a rule with the action Don't use SNAT for this destination IP address.

  3. After it, as the next rule, create SNAT rules for your local network (so that other hosts still work via NAT).

The final firewall rules look like this:

[Image: Access from External Network without NAT]

On LAN devices, SafeUTM must be set as the default gateway, or a route to the external IP addresses via SafeUTM must be configured. LAN devices must also be authorized on SafeUTM. Devices in the external network (relative to SafeUTM) must likewise use SafeUTM as their default gateway, or have a route to the local network via SafeUTM.
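
The following is an added example, not SafeUTM code or configuration: a small Python model of the SNAT table from steps 2 and 3 that shows which source address the destination sees, and therefore why 10.0.0.1 needs a route back to the LAN. It goes slightly beyond the single-address case by also accepting a network or a range as the destination. Assumptions: rules are evaluated top-down with the first match deciding, and the LAN subnet `192.168.1.0/24`, the SafeUTM external address `10.0.0.254` and the host `203.0.113.10` are constructed sample values.

```python
import ipaddress

# Constructed sample addressing (assumptions); only 10.0.0.1 comes from the page.
LAN = "192.168.1.0/24"
UTM_EXTERNAL_IP = "10.0.0.254"

def matches(spec, addr):
    """True if addr is covered by spec: '*', one IP, a CIDR network or 'first-last'."""
    if spec == "*":
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return first <= ip <= last
    return ip in ipaddress.ip_network(spec, strict=False)

def source_seen_by_destination(rules, src, dst):
    """Walk the SNAT table top-down; the first matching rule decides (assumed)."""
    for rule in rules:
        if matches(rule["src"], src) and matches(rule["dst"], dst):
            # no_snat keeps the real LAN address, snat rewrites it.
            return src if rule["action"] == "no_snat" else rule["to"]
    return src  # no rule matched: the packet leaves untranslated

NO_SNAT = {"src": "*", "dst": "10.0.0.1", "action": "no_snat"}
SNAT_LAN = {"src": LAN, "dst": "*", "action": "snat", "to": UTM_EXTERNAL_IP}

PAGE_ORDER = [NO_SNAT, SNAT_LAN]   # exemption first, as in steps 2 and 3
WRONG_ORDER = [SNAT_LAN, NO_SNAT]  # exemption shadowed by the broader SNAT rule

if __name__ == "__main__":
    for name, table in (("page order", PAGE_ORDER), ("wrong order", WRONG_ORDER)):
        for dst in ("10.0.0.1", "203.0.113.10"):
            seen = source_seen_by_destination(table, "192.168.1.50", dst)
            print(f"{name:11} dst={dst:13} source seen: {seen}")
```

With the page's rule order, 10.0.0.1 sees the original LAN address and replies to it directly, which only works if the routes described above exist; with the order reversed, the exemption never matches and the traffic is translated anyway.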