Resolve problems when the Engine translates an IP address to some other IP address even though it should not.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Check the order of the NAT rules.
The Engine reads the NAT rules from top to bottom. Only the first rule that matches is considered, so you can make exceptions to rules by placing a different, partially overlapping rule above. Leaving the NAT cell empty tells the Engine that addresses in any connections that match the rule should not be translated.
-
Check for other configurations that apply NAT.
For SD-WAN traffic, you can also enable and disable address translation for all traffic transmitted over a SD-WAN in the properties of the SD-WAN element. The default setting is to disable all
address translation for tunneled SD-WAN traffic. The setting affects only traffic wrapped inside the SD-WAN tunnel, not the tunnel itself (the encrypted packets).
In addition to NAT rules, NAT is also used in NetLink or Server Pool elements, and as a NAT pool defined for VPN clients in the Engine element’s properties. There must not be overlapping NAT rules that match the same connections. For NetLinks, NAT rules are used to select traffic for balancing, and only the actual IP addresses used for the translation are defined in the NetLink elements. NAT is required for the operation of these features and you must exclude the connections in question from the scope of these features to disable NAT.