We have 3 ISP connected to B580. after that we have a firewall.
now , we want to set outbound policy for networks behind the firewall.
we tried setting policy by source IP/network but it wont work.
Please help
thanks
This is normal is you deploy the firewall in NAT mode. You may need to define the outbound policy based on the NATed IP inorder the outbound policy to work.
If you want the B580 having clear visibility for the LAN devices running behind the firewall, suggest to disable the NAT at the firewall and allow routing between the firewall & the B580.
2 Likes
thanks. if source cannot be controlled. is it the same if i base the policy destination and protocol ?
Make sure you define source IP as ANY or the firewall NATed IP then it will work. I think i explained this as below 
All the outbound policy criteria need to matched in order for the policy will take effect. The disadvantages for the NATed firewall behind B580 is that you going to lost the importance for the source IP criteria that use to differentiate the network, VLAN, or specific user IP.
1 Like