We are wanting to configure our SSG520 as follows:
Internet -> SSG -> LAN
We have a public /24 assigned from our ISP.
We need the SSG to have 1 public IP and then the others to be routable through the SSG.
So hosts on the trust side have an IP in the SAME subnet as the SSG's public IP.
Does anyone know how to get this to work?
You could set the SSG into transparent mode. This makes the firewall layer 2 for the traffic.
The servers will use the upstream ISP router as the default gateway. You can assign one of the public addresses to the single management address for the firewall and the rest for the servers.
The interfaces can still belong to zones so the policies from untrust to trust will still work normally.
The major disadvantage is that all devices behind the firewall will need to be in the same subnet. So this limits your ability to expand the firewall down the road.
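
The transparent-mode setup described in the answer above, written out as ScreenOS CLI commands. This is an added example, not part of the original thread: the 203.0.113.0/24 addresses, the port assignments and the "web1" server are assumed placeholders, and the "#" lines are annotations for the reader rather than commands to enter.

```text
# Assumed placeholders: 203.0.113.0/24 = the /24 from the ISP, .1 = ISP router,
# .2 = firewall management address, .10 = one server behind the firewall.
# Assumed cabling: ethernet0/0 faces the ISP router, ethernet0/1 faces the LAN.

# In transparent mode the single management address lives on the VLAN1 interface
set interface vlan1 ip 203.0.113.2/24
set interface vlan1 manage ssh
set interface vlan1 manage ping

# Clear the port addresses and bind the ports to the layer 2 zones
set interface ethernet0/0 ip 0.0.0.0/0
set interface ethernet0/0 zone v1-untrust
set interface ethernet0/1 ip 0.0.0.0/0
set interface ethernet0/1 zone v1-trust

# Route for the firewall's own traffic only; the servers use 203.0.113.1 directly
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 203.0.113.1

# Policies are written between the layer 2 zones; anything not permitted is dropped
set address v1-trust "web1" 203.0.113.10/32
set policy from v1-untrust to v1-trust any "web1" HTTP permit log
set policy from v1-trust to v1-untrust any any any permit
save
```

Each server keeps a public address from the same /24 with the ISP router as its default gateway, so only the inbound policy list decides which of them is reachable from the Internet.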