I have a large network that is a large lab environment. I have a palo that is the center of the entire network. It's really just there for controlling E/W traffic between segments and to act as a router. There are 10 segments total. Currently the PALO sends the traffic via a NAT to my IPFIRE GREEN using a single IP address in the green pool for each segment (see below). So, basically, segments 1-10 have static IPs that are natted from the PALO to the IPFIRE. What I am wanting to do is see if there is a way that I can allow all internal networks to the IPFIRE without doing a NAT on the palo. I have 10 different ranges that are in these 3 private ranges: 10.0.0.x, 192.168.0.x, 172.16.0.x. I want to see each of the leases show up on IPFIRE green, as in, the green network can route any of the following private IP scopes. I am not sure if it can do this, or maybe it can and I just have not found it. Many thanks
- - - Jacob.
Below is an example of the 3 out of 10 segments nat’d on the palo.
