Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bob_Zimmerman
Authority
Authority

Identifying Auto-Generated NAT Sections?

Is there a good way to identify auto-generated NAT sections without trying to add new NAT rules to them?

The NAT rules they contain all have the "auto-generated" flag set to true, but these sections don't necessarily contain NAT rules, so I can't use that.

They all have names like "Automatic Generated Rules : Machine Static NAT", but nothing keeps a human from naming a section similarly. Names have to be unique, so I guess I could key off of the exact names? Not great, but may work.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

Yeah, I'd probably use the name as your key (short of adding NAT rules, of course).

0 Kudos
Bob_Zimmerman
Authority
Authority

Which brings up another potentially interesting question. The automatic NAT sections exist in all policies at once. Same NAT section object shows up in each, and the same NAT rule objects show up in the sections.

Can normal NAT sections be in more than one policy package? I don't think they can, but I don't know if anything actually prevents the same section from being in multiple policies like an automatic section.

0 Kudos
PhoneBoy
Admin
Admin

Nothing is preventing you from having the same NAT section defined in multiple policy packages.
However, it's specific to that policy package.

0 Kudos
Bob_Zimmerman
Authority
Authority

That would be different sections with the same name, though. What I'm saying it every single policy package has in its NAT rulebase exactly the same "Automatic Generated Rules : Machine Static NAT" section. Not copies, but the same section with the same UUID. This means NAT sections don't have just one parent policy package but could potentially have many parent policy packages. I want to confirm whether that situation is allowed for human-created NAT sections.

I don't see a way to cause that situation with the API, but the public API still has some limitations compared to what the management server allows to be done through other means.

0 Kudos
PhoneBoy
Admin
Admin

As far as I know, those automatic sections are fixed across all policy packages and there's no way to create sections like that through other means.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events