How to disable NAT in SSG140

  • I am new to Juniper SSG series firewalls. How can I disable NAT between DMZ and trust interface.

    Right now when I connect to the server in DMZ from the Trust interface, the source is listed as the firewall interface IP on DMZ segment. I would like to see the real IP address of the source connection. How can I configure this?

    Can I configure this at global level. disable NAT for all connections between my organization’s private IP’s.

    Thank You

  • Thank You.

  • Looks like your device is working in NAT mode, it means your device’s Trust interface is in NAT mode. When the device is in NAT mode below two NAT’s happen by default.

    1. Trust>>Untrust
    2. Trust>>DMZ

    To get rid of this configure your device in Route mode, means configure your Trust interface in Route mode, then your DMZ would able to see requests coming from original Source.

    For Trust to Untrust you would have to do Policy Based NAT to care of NATTING.