Does an FW support NAT if I disable stateful inspection on the FW

10

Yes. The FW supports NAT after stateful inspection is disabled on the FW.

Other related questions:
If multiple NAT policies are configured, how does an FW match packets with them
An FW matches packets with NAT policies in the top-down sequence. If the packets match a NAT policy, the FW processes the packets based on the policy and stops matching the packets with other NAT policies.

Can I add the IP address of an FW WAN interface into a NAT address pool
Yes.

Which destination address shall I specify in a security policy on an FW configured with NAT server
Specify a private address (destination address) in a security policy on an FW. The private address is the one used after NAT Server is performed. The FW matches packets with server-map entries before enforcing a security policy. After the FW translates destination addresses based on the server-map entries, the FW processes the packets based on the security policy.

Which source address shall I specify in a security policy on an FW configured with a source NAT policy
Specify a private address (source address) in a security policy on an FW. The private address is the one that is used before source NAT is performed. The FW matches packets with a security policy before enforcing a NAT policy. If the packets match the security policy, the FW performs source NAT for the packets. If the packets do not match the security policy, the FW discards the packets.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top