[ttpm123]

Yes, a rule is in place to allow traffic from the vendors subnets on defined ports to the RFC 1918 addresses for the servers.

The NAT rule is also defined; traffic sourced from Vendors subnets to the routable NAT address object is translated to the internal address object (static). I create an object for each hosts NAT address. I know there are other ways to do this, but I inherited this system and am continuing it while I plan an upgrade.


The logs show vendor hosts trying to reach the NAT addresses on allowed ports but being dropped on the cleanup rule. Logs entries are null for NAT'g.

I appreciate the help.