ISP Redundancy, auto hide NAT, and exceptions

2009-11-11, 09:23
I need to set up ISP redundancy on a UTM-1 cluster (R65 HFA 50).
On the UTM-1 cluster I have, directly connected:
- a few LANs (servers, users, voice, etc.)
- the two ISPs
- a few DMZs

Now, I learned the hard way that there's no other way than using auto Hide NAT behind the gateway, for ISP redundancy to work. And I got it to work in a failover mode.

My question is: if I need two networks, say servers' and users' networks in this case, to be linked *without* any NAT being performed by the gateway, how can I do that? I had manual NAT rules to avoid NATting between these particular networks, but it looks like they're overridden by the auto Hide NAT... which is required for ISP redundancy to work.

How could I handle this?

2009-11-11, 14:54
On your NAT page in SmartDashboard you can see the order of the NAT rules. When you need a manual rule to take effect before automatic NAT, just create that rule above the automatic NAT (go to Rules > Create Rule Above).

2009-11-12, 09:22
Just because the automatic NAT rules are created at the top of the policy and there's no "up" or "down" button doesn't mean we cannot create (or cut'n'paste) rules above them... stooopid me!

Thanks much!