Which Source Address Shall I Specify in a Security Policy on a NGFW Configured with a Source NAT Policy?
Specify a private address (source address) in a security policy on a NGFW. The private address is the one that is used before source NAT is performed.
The NGFW matches packets with a security policy before enforcing a NAT policy. If the packets match the security policy, the NGFW performs source NAT for the packets. If the packets do not match the security policy, the NGFW discards the packets.