Outbound Policy - network behind firewall

We have 3 ISPs connected to the B580. After that we have a firewall.

Now, we want to set an outbound policy for networks behind the firewall.

We tried setting the policy by source IP/network but it won't work.

This is normal if you deploy the firewall in NAT mode. You may need to define the outbound policy based on the NATed IP in order for the outbound policy to work.

If you want the B580 to have clear visibility of the LAN devices running behind the firewall, I suggest disabling NAT at the firewall and allowing routing between the firewall and the B580.


Thanks. If the source cannot be controlled, is it the same if I base the policy on destination and protocol?

Make sure you define the source IP as ANY or the firewall NATed IP, then it will work. I think I explained this as below:

All the outbound policy criteria need to be matched in order for the policy to take effect. The disadvantage of the NATed firewall behind the B580 is that you are going to lose the importance of the source IP criteria that are used to differentiate the network, VLAN, or specific user IP.
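The behaviour discussed in this thread, as an added illustration that is not part of any post and is not Peplink's implementation: a small model of all-criteria rule matching, showing how source-based rules stop matching once the firewall NATs, while a rule with source ANY still matches on destination and protocol. The addresses, rule names, WAN labels, first-match ordering and default link are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values: none of these addresses or rules come from the thread.
FIREWALL_WAN_IP = "192.168.50.2"   # firewall's address on the link to the router

@dataclass
class Rule:
    name: str
    source: str        # CIDR, or "any"
    destination: str   # CIDR, or "any"
    protocol: str      # "tcp", "udp", or "any"
    wan: str           # link the rule sends matching traffic to

    def matches(self, src, dst, proto):
        # Every criterion has to match for the rule to apply.
        def in_net(ip, net):
            return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (in_net(src, self.source) and in_net(dst, self.destination)
                and self.protocol in ("any", proto))

def seen_by_router(src, firewall_nat):
    # In NAT mode the firewall rewrites every inside source to its own address.
    return FIREWALL_WAN_IP if firewall_nat else src

def select_wan(rules, src, dst, proto, firewall_nat):
    # Assumption: rules are checked top-down and the first match wins.
    visible_src = seen_by_router(src, firewall_nat)
    for rule in rules:
        if rule.matches(visible_src, dst, proto):
            return rule.name, rule.wan
    return "default", "WAN1"   # hypothetical fallback link

RULES = [
    Rule("voip-vlan", "10.0.20.0/24", "any", "any", "WAN2"),
    Rule("staff-vlan", "10.0.10.0/24", "any", "any", "WAN3"),
    Rule("mail-by-dest", "any", "203.0.113.0/24", "tcp", "WAN2"),
]

if __name__ == "__main__":
    flows = [("10.0.20.15", "198.51.100.7", "udp"),
             ("10.0.10.40", "198.51.100.7", "tcp"),
             ("10.0.10.40", "203.0.113.25", "tcp")]
    for nat in (True, False):
        print("firewall NAT" if nat else "firewall routed")
        for flow in flows:
            print("  ", flow, "->", select_wan(RULES, *flow, firewall_nat=nat))
```

With NAT on, both VLAN rules are skipped for every flow and only the source-ANY rule can match; with routing, the per-VLAN rules match again.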

