Troubleshooting 1:1 NAT

If 1:1 NAT (or even Outbound NAT) is properly configured, but the system still appears to access sites like and from the main WAN IP Address on the firewall, then a web proxy or similar may be in use.

With a proxy involved, even though 1:1 NAT is in place the web requests are still proxied, and thus originate from the firewall itself or the proxy.

To proxy the web traffic and verify the 1:1 mapping is working properly, find a different service to verify against, such as:

  • Login to a remote system and watch the firewall logs or tcpdump.

  • Initiate some traffic from the system and verify the traffic is originating from the proper IP Address.

  • Access an HTTPS site that does not flow through the proxy.