NimbostratusCertainly the solution you are trying to achieve is possible. Your current approach needs some tweaking though in order to get it to work. You cannot make a comparison of a raw IP address with a network address range without incorporating the IP::addr command. For example [IP::addr [IP::client_addr] equals 10.0.0.0/8] checks to see if the client's IP address is in the 10.0.0.0/8 network. It will probably be easier to do this check from an IF statement rather than a SWITCH. Something like this perhaps:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] ||
[IP::addr [IP::client_addr] equals 172.16.0.0/12] ||
[IP::addr [IP::client_addr] equals 192.168.0.0/16] } {
snat none
} else {
snat 8.8.8.8
}
}