NAT in dual firewall setup

  • Hi,

    We are planning to redesign our network and we decided that this is how we want it to be;

    isp <----> (public ip) == [firewall1 w/ NAT] == <---- dmz network ---->

                               [firewall2 w/o NAT] == <----> lan subnet (192.168.200.x)

    As you can see, we don't want a double NAT, so we decided that firewall2 will not NAT and just acts as an internal router.

    My problem is that when I disable the NAT on firewall2 and add the 192.168.200.x network to firewall1, I can ping but I can't browse the internet.

    I suspect that my firewall1 doesn't translate my internal 192.168.200.x network going to the internet, only the LAN subnet 192.168.1.x.

    Any inputs?

    (Kindly advise me of any other information I must provide to better analyze this issue.)
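    The poster's suspicion is that firewall1 only masquerades 192.168.1.x, so packets from 192.168.200.x leave towards the ISP with their private source address and the replies are never routed back (which is consistent with ping to the DMZ working while internet browsing fails). The following script is an added example, not code from the thread or from any firewall product: it models firewall1's source-NAT policy as an ordered list of source networks and reports which internal subnets would egress untranslated, placing the incomplete rule set beside the corrected one. All rule names, interface names and the public address 203.0.113.5 are constructed for illustration.

```python
"""Check which internal subnets a NAT firewall actually translates.

Added example (not from the original thread). Models firewall1's
source-NAT (masquerade) policy as an ordered list of source networks
and reports which subnets behind firewall2 would leave with a private
source address. Such packets reach the ISP, but the reply can never be
routed back, which matches "ping works, browsing the internet does not".
"""
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed: firewall1's current masquerade rules, only the old LAN subnet.
CURRENT_NAT_RULES = [
    {"name": "masq-lan", "source": "192.168.1.0/24", "out_iface": "wan0"},
]

# Constructed: corrected rule set that also covers the subnet behind firewall2.
FIXED_NAT_RULES = CURRENT_NAT_RULES + [
    {"name": "masq-lan2", "source": "192.168.200.0/24", "out_iface": "wan0"},
]

# Constructed: subnets that must reach the internet through firewall1.
INTERNAL_SUBNETS = ["192.168.1.0/24", "192.168.200.0/24"]


def nat_rule_for(src_ip: str, rules: List[dict]) -> Optional[dict]:
    """Return the first masquerade rule whose source network contains
    src_ip, or None when the packet would leave untranslated (first match
    wins, like a real NAT table)."""
    addr = ip_address(src_ip)
    for rule in rules:
        if addr in ip_network(rule["source"]):
            return rule
    return None


def egress_source(src_ip: str, rules: List[dict], public_ip: str) -> str:
    """Source address the ISP sees for a packet from src_ip: the firewall's
    public address if a masquerade rule matches, otherwise the untouched
    private address (the failure mode discussed in the thread)."""
    return public_ip if nat_rule_for(src_ip, rules) else src_ip


def untranslated_subnets(subnets: List[str], rules: List[dict]) -> List[str]:
    """Subnets not fully covered by any masquerade rule. A subnet counts as
    covered only if it lies entirely inside some rule's source network, so a
    rule for 192.168.1.0/24 does not cover 192.168.200.0/24."""
    missing = []
    for s in subnets:
        net = ip_network(s)
        if not any(net.subnet_of(ip_network(r["source"])) for r in rules):
            missing.append(s)
    return missing


def report(label: str, rules: List[dict], public_ip: str = "203.0.113.5") -> None:
    """Print, for one rule set, which subnets egress untranslated and what
    the ISP would see as the source of a sample packet from each subnet."""
    print(f"== {label} ==")
    missing = untranslated_subnets(INTERNAL_SUBNETS, rules)
    print("subnets leaving untranslated:", missing or "none")
    for host in ("192.168.1.20", "192.168.200.10"):
        print(f"  {host} -> ISP sees source {egress_source(host, rules, public_ip)}")


if __name__ == "__main__":
    report("current rules (only 192.168.1.x masqueraded)", CURRENT_NAT_RULES)
    report("fixed rules (both subnets masqueraded)", FIXED_NAT_RULES)
```

    Run it as-is to see the two reports side by side. The same check works for any list of masquerade rules exported from a real firewall, as long as each is reduced to its source network; a subnet listed as "leaving untranslated" is one firewall1 will forward with a private source address, which is exactly what the first post suspects for 192.168.200.x.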


  • So, from what I've read, your problem is that you can't access websites on the network behind your 2nd firewall.

    If this is the case, this would lead me to the following approaches:

    1. I would make sure that nothing blocks traffic between network 200.x and 1.x (in this case your 2nd FW).
    2. If you have a proxy server on Firewall #1, try using the upstream proxy on Firewall #2, giving it the address of the first proxy of course, and then try telling your clients that Firewall #2 is their new proxy.

    Hope this helped.


