Whether the firewall supports source NAT in transparent mode (service interfaces working in switching mode)
Yes. However, the post-NAT source address can be taken only from an address pool, not from the addresses of outbound interfaces.

Whether the firewall supports transparent mode
The USG2000&5000&6000 support transparent mode.

Firewall working mode of an AR router
To improve networking flexibility, the firewall working mode is defined per interface rather than for the entire router. The working mode of interfaces is defined as routing mode. If a router is located between an internal network and an external network, the interfaces connecting to the internal network and the external network are configured with IP addresses on different network segments, and the original topology is re-planned.

Example: PC (internal network: trust) - AR (with embedded firewall) - (external network: untrust) PC

Two security zones are planned: the trust zone and the untrust zone. The interface of the trust zone is connected to the internal network, and the interface of the untrust zone is connected to the external network. Note that the interfaces of the trust zone and the untrust zone are located on two different subnets.

When packets are forwarded between interfaces of the Layer 3 zones, the router queries the routing table based on the IP addresses of the packets. Unlike other router devices, the AR router processes the IP packets further: it queries the session table or the ACL to determine whether to release the packets. In addition, the firewall needs to complete other attack defense checks.
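The forwarding decision described above (route lookup, then session table or ACL) can be sketched as a simplified model. This is an added example, not Huawei code: the interface names, addresses, ACL rule format, default-deny fallback and the creation of a two-way session on the first permitted packet are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from any device).
ROUTES = {"192.168.1.0/24": "GE0/0/1", "0.0.0.0/0": "GE0/0/2"}
ZONES = {"GE0/0/1": "trust", "GE0/0/2": "untrust"}
# ACL rule: (source zone, destination zone, protocol, destination port, action)
ACL = [("trust", "untrust", "tcp", 443, "permit")]


class ZoneFirewall:
    def __init__(self, routes, zones, acl):
        self.routes = [(ipaddress.ip_network(p), i) for p, i in routes.items()]
        self.zones = zones
        self.acl = acl
        self.sessions = set()  # 5-tuples of flows already permitted

    def lookup(self, ip):
        """Longest-prefix match; returns the outbound interface or None."""
        addr = ipaddress.ip_address(ip)
        hits = [(n.prefixlen, i) for n, i in self.routes if addr in n]
        return max(hits, key=lambda h: h[0])[1] if hits else None

    def forward(self, in_if, src, sport, dst, dport, proto):
        """Return (verdict, reason) for one packet arriving on in_if."""
        out_if = self.lookup(dst)  # step 1: routing table
        if out_if is None:
            return ("drop", "no-route")
        key = (proto, src, sport, dst, dport)
        if key in self.sessions:  # step 2: session table hit
            return ("forward", "session")
        zones = (self.zones[in_if], self.zones[out_if])
        for s_zone, d_zone, a_proto, a_port, action in self.acl:  # step 3: ACL
            if (s_zone, d_zone) == zones and (a_proto, a_port) == (proto, dport):
                if action != "permit":
                    return ("drop", "acl")
                # Record both directions so replies match the session table.
                self.sessions.add(key)
                self.sessions.add((proto, dst, dport, src, sport))
                return ("forward", "acl")
        return ("drop", "default-deny")  # assumed fallback when no rule matches
```

The first packet of a flow is judged by the ACL; later packets and replies match the session table, which is why return traffic from the untrust zone passes without an inbound permit rule while unsolicited inbound traffic is dropped.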

Does a firewall support source NAT on a switched interface?
Yes. On a switched interface, the FW supports source NAT only in address pool mode. Switched mode is also called transparent mode.

Definition of transparent mode for the firewall
For the firewall, the transparent mode is a common deployment mode. The service interfaces of the device work at Layer 2 (data link layer) to forward Layer 2 packets. In this case, the device can serve as a switch and can perform security protection on the traffic without changing the original network structure and configuration after being connected to the original gateway device in transparent mode. Therefore, this deployment mode is usually called the "transparent mode".

Whether USG2000&5000 series virtual firewalls support transparent mode
The virtual firewall supports transparent mode. You can bind virtual firewalls in transparent mode to VLANs one by one to isolate addresses on the same network segment.

