Hi,
Yes you can do what you are asking.
security {
nat {
source {
rule-set internet {
from zone inside;
to zone outside;
rule no-nat {
match {
source-address [ 192.168.1.0/24 192.168.2.0/24 ];
destination-address [ 100.1.1.1/32 90.1.1.1/24 ];
}
then {
source-nat {
off;
}
}
}
rule nat {
match {
source-address [ 192.168.1.0/24 192.168.2.0/24 ];
}
then {
source-nat {
interface;
}
}
}
}
}
}
}
Tim