Thanks for you advise, appreciate it. My bad, traffic from trust zone does not need to nat. But I need to clear something, by right the untrust zone (10.151.1.252) can reach the external network (192.2.3.1) am I right? Because I have set the default gateway pointing to next hop of untrust interface (10.151.1.251). This quite confusing because I am still unable to ping from SSG140 to external network 192.2.3.1
↧