Here's the problem
I have a non-standard service that I need to forward to and internal server
I tried configuring this using policy based nat destination but it would not work.
The only way I seem to be able to do it is to configure a VIP on my untrust interface and then set up a policy to permit the traffic to the server in the trust zone
However...
This firewall will also eventually serve as the main internet gateway so from my trust to un-trust zones I need to use NAT source, is it ok to run VIP and NAT source at the same time or will that cause issues?
I have a non-standard service that I need to forward to and internal server
I tried configuring this using policy based nat destination but it would not work.
The only way I seem to be able to do it is to configure a VIP on my untrust interface and then set up a policy to permit the traffic to the server in the trust zone
However...
This firewall will also eventually serve as the main internet gateway so from my trust to un-trust zones I need to use NAT source, is it ok to run VIP and NAT source at the same time or will that cause issues?