Whether USG2000&5000 series devices support virtual addresses in NAT Outbound (source NAT) and NAT Server (virtual server) address translation in hot standby deployment

8

Whether the device supports virtual addresses in NAT Outbound (source NAT) and NAT Server (virtual server) address translation

If firewall hot standby is implemented at the enterprise edge, VRRP is enabled, and the virtual address is used for communication with the carrier, NAT Outbound and NAT Server cannot use physical addresses of firewall interfaces. Otherwise, after the active firewall is switched as the standby firewall, the network may be interrupted.

Other related questions:
VRRP+NAT in hot standby deployment on the USG2000&5000
For the complete configuration example, see "Combining Dual-System Hot Backup with NAT" in the USG2000/5000 product documentation.

Whether AR NAT Server Global address is NAT Outbound address in the address pool?
Yes

Can the global address of the NAT server be within the address pool of outbound NAT
The global address of the NAT server can be the address in the outbound NAT address pool.

Whether USG2000&5000&6000 series virtual firewalls support hot standby
Hot standby cannot be implemented between virtual firewalls.

Whether the source address specified in the security policy is the translated address when the source NAT policy is configured
The source address specified in the security policy is the address before NAT when the source NAT policy is configured. When the firewall translates an address in a packet, it searches for the interzone security policy. The firewall translates only the address that passes the security policy check and matches the conditions defined in the interzone policy. Therefore, the source address specified in the interzone security policy is the address before NAT, that is, the private IP address.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top