From d887dd95dbcb49df325111b08ce1f61153185d49 Mon Sep 17 00:00:00 2001
From: Michael <m.muenz@gmail.com>
Date: Mon, 26 Aug 2019 16:17:21 +0200
Subject: [PATCH] add missing doc for auto-nat since 19.7

---
 source/manual/how-tos/ipsec-s2s-route-azure.rst | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/source/manual/how-tos/ipsec-s2s-route-azure.rst b/source/manual/how-tos/ipsec-s2s-route-azure.rst
index 5baf0edc9..5e3c2a4b2 100644
--- a/source/manual/how-tos/ipsec-s2s-route-azure.rst
+++ b/source/manual/how-tos/ipsec-s2s-route-azure.rst
@@ -256,9 +256,9 @@ Press the button that says 'OK':
 
 .. image:: images/ipsec_s2s_route_azure_conn.png
 
------------------------
-Firewall Rules OPNsense
------------------------
+----------------------
+Firewall Rules and NAT
+----------------------
 
 To allow traffic passing to your LAN subnet you need to add a rule to the IPsec
 interface (under :menuselection:`Firewall --> Rules --> IPsec`).
@@ -266,6 +266,11 @@ interface (under :menuselection:`Firewall --> Rules --> IPsec`).
 .. image:: images/ipsec_ipsec_lan_rule.png
     :width: 100%
 
+Since version 19.7 assigned IPSec interfaces are added to automatic outbound rules.
+You have to switch to **Manual outbound NAT rule generation** and add all the rules
+which existed previously. In most cases it is one rules for interface *WAN* and 
+*LAN network* as the source.
+
 ------------------
 IPsec Tunnel Ready
 ------------------