Domain object and NAT R80.30


I am running R80.30 HFA 237 and have got a request from a customer to have access to some dynamic destinations. I have created a DNS FQDN object. In the access rulebase I then have source host10.20.30.40 and destination. It works as expected. But the issue is that I have to do (hide) NAT to a public IP. Furthermore, that public IP is not directly on the gateway, but it is routed towards the gateway.

I am wondering how it might behave if I create as source an object host10.20.30.40_NAT with automatic NAT to and use it in a rule to destination. And in the rest of the access rulebase the "no NAT" object host10.20.30.40 will still be used.

Or, alternatively, I did not find how the NAT rulebase in R80.30 behaves: is it also column-based match, or first match? In that case I might be able to create "no NAT" rules for the given source host in the NAT rulebase and, at the very bottom, add host10.20.30.40 to Internet with hide NAT.

I am aware that dynamic objects in NAT are fixed in R81, but I cannot upgrade in the near future.

Thank you for any opinion or suggestion.

1 Reply

The NAT rulebase is first match.
The approach of using NO NAT rules seems reasonable.


