Comments
-
I've resolved this - I was missing a NAT rule for all firewalled subnets X1/X1 for the corresponding service group to ANY/ANY. The static route is from the internal IP / defaults / X1 as the interface. The firewall rule for the services is from WAN/LAN with X1 IP as the destination.
-
It appears as if I answered my own question. I had to set up individual NAT table entries for each X26:V** Interface with the X25 as the Egress, using the Public IP Pool as the translated source and "any/original" as the rest. I thought I could do them all at the same time, but this will get me where I need to go.