Port forwarding between trusted VLANs

I want to hide a server port behind the Firebox but source and destination are in trusted zone (2 different VLANs on different FB interfaces), i.e.:
10.1.1.x (clients) -> (firebox) -> (server)

SNAT is not available between trusted zones.

Any idea ?
Thanks !

Device: T35
Fireware 12.5.12


  • Options
    You can have the VLAN users access the external (public) IP address.
    Use NAT loop back to allow this.
    Add the source VLAN name to the From: field of the current incoming policy with the SNAT
  • Options

    Actually, it needs to be the IP gateway (=firebox) on the local subnet due to VPN tunneling restrictions (traffic is blocked to other IPs even in same subnet).

  • Options
    Isn’t the source IP addr of a VPN user something from the virtual IP addr pool?
  • Options

    it is an external VPN. The client is in the subnet and accesses a VPN server outside. I want to connect to a local printer in another subnet and avoid VPN client restrictions ;)

  • Options

    Any other suggestion ?

  • Options
    How about adding a private subnet to your external interface and include it in the BOVPN.
    Then a NAT loop back policy might work when accessing an IP from that new private subnet
Sign In to comment.