Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copper

Access Role - NAT (original source)

Can you please inform me if we can use access role as an original source for NAT ?

on R80.20 

0 Kudos
2 Replies
Highlighted
Admin
Admin

No, you cannot

0 Kudos
Highlighted

Val is correct, in fact I don't personally consider the NAT rulebase a "real" policy layer like all the others.  You are confined to using host/network/range IP addresses along with port numbers (and groups of these) in NAT rules, and can't use most of the more advanced object types introduced later such as Access Roles, Security Zones, and Applications/URL Categories.  Updatable Objects can be used in NAT rules, but only if they just consist of a list of IP addresses/networks.  

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos