Yes,
I have a simple permit rule for the trusted zone(s) (office, labs, home) to the untrusted zone (htt). And each trusted interface is set to nat.
I was thinking that 2 rules, one with nat, would work.
So for zone labs (don't mess with 'production') I changed the interface to route.
I created a rule from labs to htt with destination 23.123.122.144/28 permit.
The next rule from labs to htt is any destination and advanced policy of nat source translation (Use Egress interface IP).
I did an HTTP connection to one of the servers in the dmz and watched the access_log, and the source IP address was that of the egress IP, not the private address. In other words, still natted.
What did I miss?
Thanks