Logs show NATed IP instead of private IP when the rule is set to drop the traffic.
When the rule is set to drop the traffic, we are getting NATed IP on Syslog server's logs. All dropped traffic is showing public IP instead of private so we can't differentiate between logs based on private IP. We were informed that the Cyberoam firewall has such architecture. And if we want the private IP we need to set the action and allow and drop the traffic using utm features.
This should not happen.
Good idea but I would suggest making this behavior tunable via a knob setting vs. changing the behavior altogether.