FTGate behind a NAT router/firewall

When running FTGate behind a NAT router or firewall and has an IP address that is either 192.168.x.x or 10.x.x.x, then NAT device will appear to FTGate to be part of the local network address space. This will cause it to be granted automatic authentication rights, and hence it will be able to relay through the server.

The solution to this problem is to simply go to the Global Security Policy and add the address of the router with only the PA flag set.

e.g. If the NAT router has a local address of we would enter:





This will prevent relaying though your server.

See Also: