Screen OS

Hello, I'm so shocked because I just saw the weird situation.

First of all, plz see the below catured picture.

To sum up,

1. I configured HA configuration between SSG-140 deivces.

2. I configured IP configuration on SSG at Trust(10.0.0.1) and Untrust(192.168.10.80)

3. I permitted the policies (http, https, dns, ping) from Trust to Untrust.

That's all, and then I did ping 8.8.8.8 at PC, but it flows very well.

                                           ping 192.168.10.1

I don't think it flows well because I don't configure at SSG to configure NAT! (eg.VIP, DIP, MIP)

I just configured IP and policies.

Even though I permitted PING policy, I don't know why it flows well without NAT.

Anybody knows its fundamentals?

Regards,

Dear ksk79174766,

If you have NAT configured on the "Sharer" then you don't need it on the SSGs, as long as you have a default route to the "Sharer" and a route on the "Sharer" back to the network ( 10.0.0.0/24 ). Which is probably the scenario you have if the topology graph and ping is correct.

Thank you!! haha

By default, traffic from trust to untrust will automatically be NAT'd to the egress interface IP.  If you would like to change this behavior, set your trust interface to "route" instead of "nat".

Ah..!

Actually I configured its mode was "NAT"..

Thank you so muchㅠ_ㅠ