无NAT 源地址直接出局

配置安全策略，允许私网指定网段与Internet进行报文交互。
[NGFW] security-policy
[NGFW-policy-security] rule name policy_sec_1
[NGFW-policy-security-rule-policy_sec_1] source-zone trust
[NGFW-policy-security-rule-policy_sec_1] destination-zone untrust
[NGFW-policy-security-rule-policy_sec_1] source-address 10.1.1.0 24
[NGFW-policy-security-rule-policy_sec_1] action permit
[NGFW-policy-security-rule-policy_sec_1] quit
[NGFW-policy-security] quit

 

允许内网地址出局后，即内网可直接与外网通讯。前提是各设备路由正确。