Loopback Policy for One-to-One NAT
You can also apply this in a one-to-one NAT scenario, where the server's public IP address is not the WAN interface IP.
Imagine that you now have a working setup with private side 10.100.0.3 (LAN server object) and public side 220.127.116.11 (WAN server object). You would need this custom NAT Policy:
- Original Source: LAN Subnets
- Translated Source: WAN Interface IP
- Original Destination: (WAN server object)
- Translated Destination: (LAN server object)
- Original Service: Any
- Translated Service: Original
- Inbound Interface: Any
- Outbound Interface: Any
This example can be modified to provide the same access for a server on the DMZ (or another zone) by using the DMZ server object in place of the LAN server object.
How to Test this Scenario:
You can now verify whether the loopback NAT policy is functioning by testing from the private side to the public IP address of the server. It is recommended to use the public IP address of the server instead of DNS names. If using DNS names, make sure they resolve to the public IP address.
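The check described above can be scripted from a LAN host. The following is an added example, not part of the original article or any vendor tooling; the function names are hypothetical, the public IP is the one used on this page, and the host name and port are supplied by whoever runs it.

```python
import ipaddress
import socket
import sys

PUBLIC_IP = "220.127.116.11"  # WAN server object, as given on this page


def classify_resolution(resolved, public_ip=PUBLIC_IP):
    """Judge whether a name-based test actually exercises the loopback policy.

    "ok"        every answer is the server's public IP
    "split-dns" an answer is a private address, so traffic goes straight to
                the server and never matches the loopback NAT policy
    "mismatch"  no answers, or an unrelated address
    """
    addrs = {ipaddress.ip_address(a) for a in resolved}
    if not addrs:
        return "mismatch"
    if any(a.is_private for a in addrs):
        return "split-dns"
    if addrs == {ipaddress.ip_address(public_ip)}:
        return "ok"
    return "mismatch"


def resolve(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    infos = socket.getaddrinfo(name, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_reachable(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: loopback_check.py <dns-name> <tcp-port>")
    name, port = sys.argv[1], int(sys.argv[2])
    print(f"{name} resolves: {classify_resolution(resolve(name))}")
    # Test the public IP directly, as the article recommends.
    print(f"{PUBLIC_IP}:{port} reachable: {tcp_reachable(PUBLIC_IP, port)}")
```

Run it from a host in LAN Subnets; a "split-dns" result means a name-based test would pass even if the loopback policy were missing.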