I have a public subnet for the DMZ, but I do not want to use the bridge interface for the DMZ interface, because there is only one physical cable.
How can I use a public subnet for a DMZ without SNAT in the ZyWALL USG series hardware gateways, but keep the SNAT for the LAN subnet?
1. Navigate to Configuration > Network > Routing to configure the Policy Route policy without SNAT for network packets from a DMZ subnet.
2. Connect to the Internet via the DMZ and collect network packets on the WAN interface. You will see that the source IP address (Source) is public/external, i.e. SNAT is not used.
Please sign in to leave a comment.