NAT 'Exception' on an SSG5 (ScreenOS 6.2r10)

  • Hello,

    I was wondering if somebody could help me solve this problem…

    I have an SSG5 firewall that has been set up to Source NAT all internal hosts to the Egress interface address. This is fine for the majority of scenarios except that our syslog server is on the outside, resulting in logs for all devices on the inside appearing to be sourced from the same interface.

    I know I could resolve the problem by removing the interface NAT configuration and applying policy NAT to all rules except the syslog policy, but this would require a fairly fundamental change to the firewall so isn’t going to be very practical.

    On a Cisco ASA, I could specify a NAT exception (I think) to get round the problem, but I’m not sure how to achieve the same result within ScreenOS.

    So in summary:

    {All Internal Hosts} - {Syslog Source Hosts} => Source NAT to external interface of firewall

    {Syslog Source Hosts} => No NATing

    Any help gratefully received.

    Thank you.

  • How about separating interfaces?

    {All Internal Hosts} -> egress 1 (if-nat mode)
    {Syslog Source Hosts} -> egress 2 (if-route mode)