After having some trouble for a couple of days, I found that if I create a port forwarding (DNAT) rule using the GUI, XG creates 3 NAT rules: DNAT, loopback and reflexive. The DNAT rule comes with an inbound filter for the WAN interface. Loopback looks fine as well. But the reflexive rule doesn't have an interface filter. So whenever a client travels through the gateway that has a port forwarding on it, his IP will be masqueraded. Only one LAN connected to a WAN, no problem, but we've got around 70 LAN networks connected over the XG. When a client from LAN A connects to a server on LAN B, which also has a port forwarding from the internet, the IP of the server will be masqueraded with the IP of the XG as well.
Is this behavior intended? Normally there should also be an interface matching criterion for outgoing interfaces, set to the same WAN port used for the DNAT rule.
Sorry, my English is not that good, but I hope you can understand what I mean.