Quote:
| Originally Posted by solara So is statement 'You clear the box Translate destination on client side' what requires you to add a static route? Because you wouldn't normally need to add a static route to the firewall for automatic NAT to work correctly. |
this is just my understanding, may be wrong ;-)
if you clear/untick "Translate destination on client side" the nat will be performed on the internal interface of your firewall, rather than the external interface.
if this is the case the packet will not get to the firewalls internal interface as the routing on the firewall would send packets bound for public IP to the external interface. so you need to add a static to point the nat rules public ip to the internal interface of the firewall so that the nat can be performed.