Channel: Forefront TMG and ISA Server forum

TMG - Unable to see NAT but taking the client IP address directly to the Firewall


We have TMG located behind a Checkpoint firewall.

The default gateway of the clients points to TMG, and the external interface of the TMG sends traffic to Checkpoint and on to the internet.

We have not allowed any route in TMG, so by default all clients should be NATed when hitting Checkpoint.

One default network configuration has a Localhost route to External.

Issues

While allowing outbound traffic, we are creating an access rule to allow the internal client to external on the specified port as all users, because it's SecureNAT.

But on Checkpoint we are creating an allow rule with the source as the direct internal client (NOT the TMG external interface IP) and the destination as internet, and it's working.

My question is: the TMG should NAT, and Checkpoint should not know the internal client address, as TMG should be NATing the traffic. So the source should be the TMG external interface IP for Checkpoint.

Please help in understanding how things work in my scenario, or whether the default local host route is causing such behavior.


