Has anyone played with the no NAT functionality in MX 15? I'm playing with a few different topologies and currently I want to run without the MX doing NAT. The topology is:
Internet --- Firepower 1010 --- MX67 --- Clients
I want the Firepower 1010 to see the real IP addresses of the clients. The Firepower will also handle all NAT duties to/from the Internet. All my clients and services are behind the MX67; there's only a small /30 between the MX and the Firepower. Thus, I need to poke holes in the firewall of the MX to allow for incoming services to work. Previously, with NAT mode, I'd just configure the port forwarding rule on the Firewall page and everything works. However, once the NAT exceptions are enabled the port forwards don't work (as expected), thus I need to poke a hole in the Inbound firewall to allow the traffic to hit the relevant ports on the relevant IP addresses. However, there are no inbound firewall configuration options available. The only thing I see in the Dashboard are the regular outbound firewall rules. The only way I can get the inbound firewall rules to appear is by using passthrough mode, but that has other limitations I'd prefer to avoid.
Am I missing something basic? It seems like no NAT needs to expose inbound firewall rule configurations. Otherwise, it's impossible to host any services behind the MX.