https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207325#M39202 <P>Hi Experts,</P><P>&nbsp;</P><P>We are using R81.20 take 26 as our firewall, and have some NAT rules. All the traffic is routed to Datacenter through a GRE tunnel.</P><P>But we still have some traffic needs to bypass the tunnel and NAT to internet directly. In the NAT rules, we use Host Group as destination and all hosts are IP address.</P><P>My question is, is it possible to put the Domain Groups ( Domain objects ) into the destination? including FQDN and non-FQDN. As the URL/domains are based on AWS CDN service and the IPs varies.</P><P>If it doesn't support, should I use DNS Checker to find out all the IP addresses' public resolution for the domains,&nbsp; and add all the IPs to the destination? That would be a manual work and needs to update frequently if the server's IP changed.</P><P>&nbsp;</P><P>Thanks very much&nbsp;</P><P>Best regards</P><P>George</P> Tue, 27 Feb 2024 23:46:09 GMT GeorgeF 2024-02-27T23:46:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207325#M39202 <P>Hi Experts,</P><P>&nbsp;</P><P>We are using R81.20 take 26 as our firewall, and have some NAT rules. All the traffic is routed to Datacenter through a GRE tunnel.</P><P>But we still have some traffic needs to bypass the tunnel and NAT to internet directly. In the NAT rules, we use Host Group as destination and all hosts are IP address.</P><P>My question is, is it possible to put the Domain Groups ( Domain objects ) into the destination? including FQDN and non-FQDN. As the URL/domains are based on AWS CDN service and the IPs varies.</P><P>If it doesn't support, should I use DNS Checker to find out all the IP addresses' public resolution for the domains,&nbsp; and add all the IPs to the destination? That would be a manual work and needs to update frequently if the server's IP changed.</P><P>&nbsp;</P><P>Thanks very much&nbsp;</P><P>Best regards</P><P>George</P> Tue, 27 Feb 2024 23:46:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207325#M39202 GeorgeF 2024-02-27T23:46:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207328#M39203 <P>I've not tested groups, however the following object types are supported in R81+</P> <DIV id="tinyMceEditor_59f538c13e062eChris_Atkinson_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="NAT rules.jpg" style="width: 726px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/24664i208CD3E01024EE8B/image-size/large?v=v2&amp;px=999" role="button" title="NAT rules.jpg" alt="NAT rules.jpg" /></span></P> <P>Source:&nbsp;<A href="https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RN/Topics-RN/Whats-New.htm?tocpath=What%27s%20New%7C_____1#Security_Gateway_and_Gaia" target="_blank">https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RN/Topics-RN/Whats-New.htm?tocpath=What%27s%20New%7C_____1#Security_Gateway_and_Gaia</A>&nbsp;</P> Wed, 28 Feb 2024 01:06:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207328#M39203 Chris_Atkinson 2024-02-28T01:06:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207329#M39204 <P>All of those work in R81.20, for sure, tested in the lab myself.</P> <P>Best,</P> <P>Andy</P> Wed, 28 Feb 2024 02:48:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Is-it-able-to-set-domain-objects-groups-as-destination-fro-NAT/m-p/207329#M39204 the_rock 2024-02-28T02:48:33Z