JRahm
Jan 16, 2009, Admin
Port usage for NAT is tricky based on many factors, including whether your firewall is the initiator or the responder, or possibly both. You may need a default forwarder 0.0.0.0:0 outbound from your firewall-connected VLAN unless you know all your peer endpoints, but you might get by with 500/4500 UDP ports enabled in both directions. I doubt this will cover every scenario, however, because whereas a stateful firewall will build the chain to return a packet sourced to your allowed destination (in this case, 500/4500), the LTM will not.