[pfSense] Outbound NAT

Ugo Bellavance ugob at lubik.ca
Mon May 7 14:15:57 EDT 2012

On 2012-05-04 13:41, Ugo Bellavance wrote:
> Hi,
> I'm still planning the Checkpoint -> pfSense migration, and I'm now at
> the Outbound NAT part. In our current Checkpoint, every single NAT is
> manually defined. It is a bit cumbersome and I doubt this adds to
> security because we have default deny rules everywhere, ingress/egress.
> What are the best practices for Outbound NAT? I have one WAN and 9
> networks on the LAN side. Within most of my LAN networks, I don't NAT,
> but I do NAT with one of them. I also need to NAT to go out on the
> internet, via WAN. So, basically, I need Outbound NAT for WAN and for
> this one network that I need to NAT.
> One of my questions is: should I leave Automatic outbound NAT rule
> generation or use Manual rules? From what I can see, the automatic rules
> are only to access the internet, which is fine because I'll only allow
> what I want with firewall rules. No matter if I go automatic or not,
> I'll need a few rules that I can create for my LAN network that needs NAT.
> Just thinking aloud, but I'd be glad to know if my thinking sounds right.
> Thanks,
> Ugo

Is there something wrong with my question?  Now I've enabled automatic 
outbound NAT rule generation and the rules that were added by setting it 
to manual are still there.  Should I delete them?


