diff --git a/src/cisco_lib/NATCompiler_asa8.cpp b/src/cisco_lib/NATCompiler_asa8.cpp
index db87ecc8e..55cc88f5e 100644
--- a/src/cisco_lib/NATCompiler_asa8.cpp
+++ b/src/cisco_lib/NATCompiler_asa8.cpp
@@ -94,13 +94,13 @@ bool NATCompiler_asa8::VerifyRules::processNext()
         return true;
     }
 
-    if (rule->getRuleType()==NATRule::NONAT && (!osrv->isAny() || !tsrv->isAny()))
-    {
-        compiler->abort(
-                rule, 
-                "'no nat' rules should have no services");
-        return true;
-    }
+    // if (rule->getRuleType()==NATRule::NONAT && (!osrv->isAny() || !tsrv->isAny()))
+    // {
+    //     compiler->abort(
+    //             rule, 
+    //             "'no nat' rules should have no services");
+    //     return true;
+    // }
 
     if (osrc->getNeg() ||
         odst->getNeg() ||
diff --git a/src/cisco_lib/NATCompiler_asa8_writers.cpp b/src/cisco_lib/NATCompiler_asa8_writers.cpp
index 79e64253a..42c235335 100644
--- a/src/cisco_lib/NATCompiler_asa8_writers.cpp
+++ b/src/cisco_lib/NATCompiler_asa8_writers.cpp
@@ -133,6 +133,7 @@ NATCompiler_asa8::PrintRule::PrintRule(const std::string &name) :
 
 void NATCompiler_asa8::PrintRule::printNONAT(libfwbuilder::NATRule *rule)
 {
+    printSDNAT(rule);
 }
 
 void NATCompiler_asa8::PrintRule::printSNAT(libfwbuilder::NATRule *rule)
@@ -171,11 +172,14 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule)
 
     cmd << "source";
 
-    if (!tsrc->isAny()) cmd << "dynamic";
-    else cmd << "static";
+    if (tsrc->isAny()) cmd << "static";
+    else cmd << "dynamic";
 
     cmd << pix_comp->getASA8Object(osrc)->getCommandWord();
-    cmd << pix_comp->getASA8Object(tsrc)->getCommandWord();
+    if (tsrc->isAny())
+        cmd << pix_comp->getASA8Object(osrc)->getCommandWord();
+    else
+        cmd << pix_comp->getASA8Object(tsrc)->getCommandWord();
 
     // only need "destination" part if ODst is not any
     if (!odst->isAny())
@@ -190,7 +194,7 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule)
             cmd << pix_comp->getASA8Object(tdst)->getCommandWord();
     }
 
-    if (!osrv->isAny())
+    if (!osrv->isAny() && osrv->getId() != tsrv->getId())
     {
         cmd << "service";
         cmd << pix_comp->getASA8Object(osrv)->getCommandWord();
diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig
new file mode 100755
index 000000000..1c8be4e45
--- /dev/null
+++ b/test/pix/firewall92.fw.orig
@@ -0,0 +1,156 @@
+!
+!  This is automatically generated file. DO NOT MODIFY !
+!
+!  Firewall Builder  fwb_pix v4.2.0.3425
+!
+!  Generated Fri Jan  7 16:37:17 2011 PST by vadim
+!
+! Compiled for pix 8.3
+! Outbound ACLs: supported
+! Emulate outbound ACLs: yes
+! Generating outbound ACLs: no
+! Assume firewall is part of any: yes
+!
+!# files: * firewall92.fw
+!
+! testing new style ASA 8.3 nat commands
+! no-nat rules ("identity nat")
+
+
+
+!
+! Prolog script:
+!
+
+!
+! End of prolog script:
+!
+
+
+
+
+interface FastEthernet0
+  nameif inside
+  security-level 100
+exit
+
+interface FastEthernet1
+  nameif outside
+  security-level 0
+exit
+
+
+no logging buffered
+no logging console
+no logging timestamp
+no logging on
+
+
+timeout xlate 3:0:0 
+timeout conn 1:0:0 
+timeout udp 0:2:0 
+timeout sunrpc 0:10:0 
+timeout h323 0:5:0 
+timeout sip 0:30:0 
+timeout sip_media 0:0:0 
+timeout half-closed 0:0:0 
+timeout uauth 2:0:0 absolute
+
+
+clear config ssh
+aaa authentication ssh console LOCAL
+
+clear config snmp-server
+no snmp-server enable traps
+
+clear config ntp
+
+
+no service resetinbound
+no service resetoutside
+no sysopt connection timewait
+no sysopt nodnsalias inbound
+no sysopt nodnsalias outbound
+
+
+class-map inspection_default
+  match default-inspection-traffic
+
+policy-map global_policy
+  class inspection_default
+
+service-policy global_policy global
+
+policy-map type inspect ip-options ip-options-map
+parameters
+  eool action allow
+  router-alert action clear
+
+
+!################
+clear config access-list
+clear config object-group
+clear config icmp
+clear config telnet
+! 
+! Rule  0 (global)
+access-list inside_acl_in deny   ip any any 
+access-list outside_acl_in deny   ip any any 
+
+
+access-group inside_acl_in in interface inside
+access-group outside_acl_in in interface outside
+
+clear xlate
+clear config nat
+clear config object
+
+object network Internal_net
+  subnet 192.168.1.0 255.255.255.0
+quit
+object service http
+  service tcp destination eq 80
+quit
+object network hostA:eth0
+  host 192.168.1.10
+quit
+object service smtp
+  service tcp destination eq 25
+quit
+object network spamhost1
+  host 61.150.47.112
+quit
+object network internal_subnet_1
+  subnet 192.168.1.0 255.255.255.192
+quit
+object network internal_subnet_2
+  subnet 192.168.1.64 255.255.255.192
+quit
+object network test_range_1
+  range 192.168.1.11 192.168.1.15
+quit
+! 
+! Rule  0 (NAT)
+nat (inside,outside) source static Internal_net Internal_net
+! 
+! Rule  1 (NAT)
+nat (inside,outside) source static hostA:eth0 hostA:eth0
+! 
+! Rule  2 (NAT)
+nat (inside,outside) source static hostA:eth0 hostA:eth0 destination static spamhost1 spamhost1
+! 
+! Rule  3 (NAT)
+nat (inside,outside) source static internal_subnet_1 internal_subnet_1
+nat (inside,outside) source static internal_subnet_2 internal_subnet_2
+! 
+! Rule  4 (NAT)
+nat (inside,outside) source static test_range_1 test_range_1 destination static spamhost1 spamhost1
+
+
+
+!
+! Epilog script:
+!
+
+! End of epilog script:
+!
diff --git a/test/pix/objects-for-regression-tests.fwb b/test/pix/objects-for-regression-tests.fwb
index 517756fdc..899e389bf 100644
--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294445191" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294446618" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -18228,7 +18228,7 @@ no sysopt nodnsalias outbound
           <Option name="xlate_ss">0</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294429194" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
+      <Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294446761" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
         <NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
             <OSrc neg="False">
@@ -18336,7 +18336,7 @@ no sysopt nodnsalias outbound
             </TSrv>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id178073X29963" disabled="False" group="" position="5" action="Translate" comment="double nat. Not supported yet, but with&#10;double nat feature in asa 8,3 we could &#10;support them">
+          <NATRule id="id178073X29963" disabled="False" group="" position="5" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="host-hostA"/>
             </OSrc>
@@ -18866,6 +18866,315 @@ no sysopt nodnsalias outbound
           <Option name="xlate_ss">0</Option>
         </FirewallOptions>
       </Firewall>
+      <Firewall id="id20320X6113" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294446808" platform="pix" version="8.3" name="firewall92" comment="testing new style ASA 8.3 nat commands&#10;no-nat rules (&quot;identity nat&quot;)&#10;&#10;" ro="False">
+        <NAT id="id20354X6113" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <NATRule id="id20818X6113" disabled="False" group="" position="0" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="net-Internal_net"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-HTTP"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <NATRule id="id20710X6113" disabled="False" group="" position="1" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="host-hostA"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-SMTP"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <NATRule id="id20546X6113" disabled="False" group="" position="2" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="host-hostA"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id4388C37D674"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-SMTP"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <NATRule id="id20655X6113" disabled="False" group="" position="3" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="id178241X29963"/>
+              <ObjectRef ref="id178250X29963"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-SMTP"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <NATRule id="id20600X6113" disabled="False" group="" position="4" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="id3CD8769F"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id4388C37D674"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-SMTP"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
+          <RuleSetOptions/>
+        </NAT>
+        <Policy id="id20340X6113" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <PolicyRule id="id20341X6113" disabled="False" log="False" position="0" action="Deny" direction="Both" comment="">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">True</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <RuleSetOptions/>
+        </Policy>
+        <Routing id="id20426X6113" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
+          <RuleSetOptions/>
+        </Routing>
+        <Interface id="id20328X6113" dedicated_failover="False" dyn="False" label="inside" mgmt="False" network_zone="net-Internal_net" security_level="100" unnum="False" unprotected="False" name="FastEthernet0" comment="" ro="False">
+          <IPv4 id="id20331X6113" name="firewall92:FastEthernet0:ip" comment="" ro="False" address="192.168.1.1" netmask="255.255.255.0"/>
+          <InterfaceOptions/>
+        </Interface>
+        <Interface id="id20333X6113" dedicated_failover="False" dyn="False" label="outside" mgmt="False" network_zone="sysid0" security_level="0" unnum="False" unprotected="False" name="FastEthernet1" comment="" ro="False">
+          <IPv4 id="id20337X6113" name="firewall92:FastEthernet1:ip" comment="" ro="False" address="22.22.22.22" netmask="255.255.255.0"/>
+          <IPv4 id="id20338X6113" name="firewall92:FastEthernet1:ip-1" comment="" ro="False" address="22.22.22.23" netmask="255.255.255.0"/>
+          <InterfaceOptions/>
+        </Interface>
+        <Management address="22.22.22.22">
+          <SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
+          <FWBDManagement enabled="True" identity="" port="9999"/>
+          <PolicyInstallScript arguments="" command="" enabled="False"/>
+        </Management>
+        <FirewallOptions>
+          <Option name="accept_established">True</Option>
+          <Option name="accept_new_tcp_with_no_syn">True</Option>
+          <Option name="action_on_reject">ICMP net unreachable</Option>
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
+          <Option name="check_shading">False</Option>
+          <Option name="clamp_mss_to_mtu">False</Option>
+          <Option name="cmdline"></Option>
+          <Option name="compiler"></Option>
+          <Option name="conn_hh">1</Option>
+          <Option name="conn_mm">0</Option>
+          <Option name="conn_ss">0</Option>
+          <Option name="ctiqbe_fixup">2 2748 0 nil 0</Option>
+          <Option name="debug">False</Option>
+          <Option name="dns_fixup">2 65535 0 nil 0</Option>
+          <Option name="dyn_addr">False</Option>
+          <Option name="espike_fixup">2 0 0 nil 0</Option>
+          <Option name="filesystem"></Option>
+          <Option name="firewall_dir"></Option>
+          <Option name="firewall_is_part_of_any">True</Option>
+          <Option name="firewall_is_part_of_any_and_networks">True</Option>
+          <Option name="ftp_fixup">2 21 0 strict 0</Option>
+          <Option name="h323_h225_fixup">2 1720 1720 nil 0</Option>
+          <Option name="h323_hh">0</Option>
+          <Option name="h323_mm">5</Option>
+          <Option name="h323_ras_fixup">2 1718 1719 nil 0</Option>
+          <Option name="h323_ss">0</Option>
+          <Option name="half-closed_hh">0</Option>
+          <Option name="half-closed_mm">0</Option>
+          <Option name="half-closed_ss">0</Option>
+          <Option name="http_fixup">2 80 80 nil 0</Option>
+          <Option name="icmp_error_fixup">2 0 0 nil 0</Option>
+          <Option name="ignore_empty_groups">False</Option>
+          <Option name="ils_fixup">2 389 389 nil 0</Option>
+          <Option name="in_out_code">True</Option>
+          <Option name="inst_cmdline"></Option>
+          <Option name="inst_script"></Option>
+          <Option name="install_script"></Option>
+          <Option name="ip_options_eool_fixup">0 0 0 nil 0</Option>
+          <Option name="ip_options_nop_fixup">1 0 0 nil 0</Option>
+          <Option name="ip_options_rtralt">2 0 0 nil 0</Option>
+          <Option name="ip_options_rtralt_fixup">3 0 0 nil 0</Option>
+          <Option name="ipv4_6_order">ipv4_first</Option>
+          <Option name="limit_suffix">/day</Option>
+          <Option name="limit_value">0</Option>
+          <Option name="linux24_ip_forward">0</Option>
+          <Option name="linux24_tcp_fin_timeout">30</Option>
+          <Option name="linux24_tcp_keepalive_interval">1800</Option>
+          <Option name="load_modules">False</Option>
+          <Option name="log_all_dropped">False</Option>
+          <Option name="log_ip_opt">False</Option>
+          <Option name="log_level">debug</Option>
+          <Option name="log_limit_suffix">/second</Option>
+          <Option name="log_limit_value">0</Option>
+          <Option name="log_prefix"></Option>
+          <Option name="log_tcp_opt">False</Option>
+          <Option name="log_tcp_seq">False</Option>
+          <Option name="manage_virtual_addr">True</Option>
+          <Option name="mgcp_fixup">2 2427 2727 nil 0</Option>
+          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_ssh">False</Option>
+          <Option name="modulate_state">False</Option>
+          <Option name="no_iochains_for_any">False</Option>
+          <Option name="no_optimisation">False</Option>
+          <Option name="output_file"></Option>
+          <Option name="pass_all_out">False</Option>
+          <Option name="pix_acl_basic">True</Option>
+          <Option name="pix_acl_no_clear">False</Option>
+          <Option name="pix_acl_substitution">False</Option>
+          <Option name="pix_acl_temp_addr"></Option>
+          <Option name="pix_add_clear_statements">True</Option>
+          <Option name="pix_assume_fw_part_of_any">True</Option>
+          <Option name="pix_check_duplicate_nat">False</Option>
+          <Option name="pix_check_overlapping_global_pools">True</Option>
+          <Option name="pix_check_overlapping_global_statics">True</Option>
+          <Option name="pix_check_overlapping_statics">True</Option>
+          <Option name="pix_check_rule_shading">False</Option>
+          <Option name="pix_connection_timewait">False</Option>
+          <Option name="pix_emb_limit">0</Option>
+          <Option name="pix_emblem_log_format">False</Option>
+          <Option name="pix_emulate_out_acl">True</Option>
+          <Option name="pix_epilog_script"></Option>
+          <Option name="pix_floodguard">False</Option>
+          <Option name="pix_fragguard">False</Option>
+          <Option name="pix_generate_out_acl">False</Option>
+          <Option name="pix_include_comments">True</Option>
+          <Option name="pix_ip_address">False</Option>
+          <Option name="pix_logging_buffered">False</Option>
+          <Option name="pix_logging_buffered_level">0</Option>
+          <Option name="pix_logging_console">False</Option>
+          <Option name="pix_logging_console_level">0</Option>
+          <Option name="pix_logging_timestamp">False</Option>
+          <Option name="pix_logging_trap_level">0</Option>
+          <Option name="pix_max_conns">0</Option>
+          <Option name="pix_nodnsalias_inbound">False</Option>
+          <Option name="pix_nodnsalias_outbound">False</Option>
+          <Option name="pix_optimize_default_nat">False</Option>
+          <Option name="pix_prolog_script"></Option>
+          <Option name="pix_regroup_commands">False</Option>
+          <Option name="pix_replace_natted_objects">True</Option>
+          <Option name="pix_resetinbound">False</Option>
+          <Option name="pix_resetoutside">False</Option>
+          <Option name="pix_route_dnat">False</Option>
+          <Option name="pix_set_host_name">False</Option>
+          <Option name="pix_ssh_timeout">0</Option>
+          <Option name="pix_syslog_device_id_opt"></Option>
+          <Option name="pix_syslog_device_id_val"></Option>
+          <Option name="pix_syslog_facility"></Option>
+          <Option name="pix_syslog_host"></Option>
+          <Option name="pix_syslog_queue_size">0</Option>
+          <Option name="pix_telnet_timeout">0</Option>
+          <Option name="pix_use_acl_remarks">False</Option>
+          <Option name="pix_use_manual_commit">False</Option>
+          <Option name="platform">iptables</Option>
+          <Option name="pptp_fixup">2 1723 0 nil 0</Option>
+          <Option name="proxy_arp">False</Option>
+          <Option name="rpc_hh">0</Option>
+          <Option name="rpc_mm">10</Option>
+          <Option name="rpc_ss">0</Option>
+          <Option name="rsh_fixup">2 514 0 nil 0</Option>
+          <Option name="rtsp_fixup">2 554 0 nil 0</Option>
+          <Option name="scpArgs"></Option>
+          <Option name="script_env_path"></Option>
+          <Option name="short_script">False</Option>
+          <Option name="sip_fixup">2 5060 5060 nil 0</Option>
+          <Option name="sip_hh">0</Option>
+          <Option name="sip_media_hh">0</Option>
+          <Option name="sip_media_mm">0</Option>
+          <Option name="sip_media_ss">0</Option>
+          <Option name="sip_mm">30</Option>
+          <Option name="sip_ss">0</Option>
+          <Option name="sip_udp_fixup">2 5060 0 nil 0</Option>
+          <Option name="skinny_fixup">2 2000 2000 nil 0</Option>
+          <Option name="smtp_fixup">2 25 25 nil 0</Option>
+          <Option name="snmp_contact"></Option>
+          <Option name="snmp_description"></Option>
+          <Option name="snmp_location"></Option>
+          <Option name="sqlnet_fixup">2 1521 1521 nil 0</Option>
+          <Option name="sshArgs"></Option>
+          <Option name="ssh_timeout">5</Option>
+          <Option name="telnet_timeout">5</Option>
+          <Option name="tftp_fixup">2 69 0 nil 0</Option>
+          <Option name="uauth_abs">True</Option>
+          <Option name="uauth_hh">2</Option>
+          <Option name="uauth_inact">False</Option>
+          <Option name="uauth_mm">0</Option>
+          <Option name="uauth_ss">0</Option>
+          <Option name="udp_hh">0</Option>
+          <Option name="udp_mm">2</Option>
+          <Option name="udp_ss">0</Option>
+          <Option name="use_ip_tool">False</Option>
+          <Option name="use_numeric_log_levels">False</Option>
+          <Option name="use_scp">False</Option>
+          <Option name="xlate_hh">3</Option>
+          <Option name="xlate_mm">0</Option>
+          <Option name="xlate_ss">0</Option>
+        </FirewallOptions>
+      </Firewall>
     </ObjectGroup>
     <IntervalGroup id="stdid11_1" name="Time" comment="" ro="False"/>
   </Library>