cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Automatic NAT installed on Two Firewalls

When you perform automatic NAT on an object, you have two options. You can select a single firewall/cluster or All. Is there any way you can select two or something like Policy targets using automatic? The only way I can find is by doing manual NAT rules. It looks like it will let you do Policy Targets.

4 Replies

Re: Automatic NAT installed on Two Firewalls

Automatic NAT is limited to either Policy Targets or 1 Specifiable Gateway.

This is the limit. Indeed Manual does not have this limitation, you can select all the targets you want.

I smell an RFE.

Regards, Maarten
Petr_Hantak
Silver

Re: Automatic NAT installed on Two Firewalls

Really true, just remember in pre-R80 versions you are also limited to policy targets in Manual NAT as well.

0 Kudos
Danny
Pearl

Re: Automatic NAT installed on Two Firewalls

Kevin wrote:

The only way I can find is by doing manual NAT rules.

There are many other ways..

  • You could clone your object and create the Auto-NAT for your secondary policy installation target there.
  • You could use port mapping instead of NAT. (See this thread)
  • You could consolidate your policy installation targets into one big cluster.
  • You could use Multi-Domain Security Management to have separate object database for your clusters.
  • You could use a Mgmt_CLI script to change the NAT according to the policy installation target.
  • .. and many more ways

Re: Automatic NAT installed on Two Firewalls

I have my primary and backup data center clusters in the same policy package. Basically, I am trying to find the easiest and simplest way to NAT to just these clusters in case we fail-over to our backup data center.

  • You could clone your object and create the Auto-NAT for your secondary policy installation target there.
    • Won't the first rule top down always get matched for the auto rules? If the clones are further down, will they ever get hit?

Could you give an example for each of these? I'm not sure what you mean.

  • You could consolidate your policy installation targets into one big cluster.
  • You could use a Mgmt_CLI script to change the NAT according to the policy installation target.