I'm looking to simplify our policy and have started to use more inline layers. I was wondering how items with a NAT to them would work when defining the rule. Do I need to define both the NATed network and the DMZ Network as the destination? Or can I just use the DMZ network? I'm thinking I would need to define both. If it helps - the DMZ Items have the NATed address in the object.
1st Rule - Source: Any Destination: one or two DMZ addresses with NAT Service: 80.
2nd Rule - Source: Any Destination: one DMZ address with NAT Service: TCP port.
Top - Source: Any Destination: DMZ (and NATed Network?) Service: Any
Next - Source: External Destination: Specific DMZ Server Service: 80