Kevin_Orrison
Contributor

Automatic NAT installed on Two Firewalls

When you perform automatic NAT on an object, you have two options. You can select a single firewall/cluster or All. Is there any way you can select two or something like Policy targets using automatic? The only way I can find is by doing manual NAT rules. It looks like it will let you do Policy Targets.

4 Replies
Maarten_Sjouw
Champion

Automatic NAT is limited to either Policy Targets or 1 Specifiable Gateway.

This is the limit. Indeed Manual does not have this limitation, you can select all the targets you want.

I smell an RFE.

Regards, Maarten
Petr_Hantak
Advisor

Really true, just remember in pre-R80 versions you are also limited to policy targets in Manual NAT as well.

Danny
Champion

Kevin wrote:

The only way I can find is by doing manual NAT rules.

There are many other ways.

  • You could clone your object and create the Auto-NAT for your secondary policy installation target there.
  • You could use port mapping instead of NAT. (See this thread)
  • You could consolidate your policy installation targets into one big cluster.
  • You could use Multi-Domain Security Management to have separate object database for your clusters.
  • You could use a Mgmt_CLI script to change the NAT according to the policy installation target.
  • ... and many more ways
Kevin_Orrison
Contributor

I have my primary and backup data center clusters in the same policy package. Basically, I am trying to find the easiest and simplest way to NAT to just these clusters in case we fail-over to our backup data center.

  • You could clone your object and create the Auto-NAT for your secondary policy installation target there.
    • Won't the first rule top down always get matched for the auto rules? If the clones are further down, will they ever get hit?

Could you give an example for each of these? I'm not sure what you mean.

  • You could consolidate your policy installation targets into one big cluster.
  • You could use a Mgmt_CLI script to change the NAT according to the policy installation target.