MartinOles
Participant

Domain object and NAT R80.30

Hi,

I am running R80.30 HFA 237 and have got a request from a customer to have access to some dynamic destinations, customer.cdn.cloudflare.net. I have created a DNS FQDN object .customer.cdn.cloudflare.net. In the access rulebase I then have source host10.20.30.40 and destination .customer.cdn.cloudflare.net. It works as expected. But the issue is that I have to do (hide) NAT to a public IP, 77.78.1.1. Furthermore, that public IP is not directly on the gateway, but it is routed towards the gateway.

I am wondering how it might behave if I create as source an object host10.20.30.40_NAT with automatic NAT to 77.78.1.1 and use it in the rule to destination .customer.cdn.cloudflare.net, while the rest of the access rulebase still uses the "no NAT" object host10.20.30.40.

Or, alternatively, I did not find how the NAT rulebase behaves in R80.30: is it also column-based match, or first match? In that case I might be able to create "no NAT" rules for the given source host in the NAT rulebase and, at the very bottom, add host10.20.30.40 to Internet with hide NAT 77.78.1.1.

I am aware that dynamic objects in NAT are fixed in R81, but I cannot upgrade in the near future.

Thank you for any opinion or suggestion.

PhoneBoy
Admin

The NAT rulebase is first match.
The approach of using NO NAT rules seems reasonable.
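
The first-match behaviour discussed in this thread, as an added example that is not part of the original posts and is not Check Point code: a simplified Python model of a NAT rulebase with "no NAT" exception rules above a hide NAT rule, plus a check for exceptions that an earlier rule shadows. The RFC 1918 destinations, the rule names and the 203.0.113.10 test address are assumptions constructed for illustration.

```python
import ipaddress

# Simplified model of a first-match NAT rulebase (illustration only).
# Rule tuple: (name, source network, destination network, translated source or None)
HOST = "10.20.30.40/32"
HIDE_IP = "77.78.1.1"

def rule(name, src, dst, xlate_src):
    return (name, ipaddress.ip_network(src), ipaddress.ip_network(dst), xlate_src)

# Assumption: internal destinations are the RFC 1918 ranges and stay untranslated.
NO_NAT = [rule(f"no-nat-{n}", HOST, n, None)
          for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HIDE = rule("hide-to-internet", HOST, "0.0.0.0/0", HIDE_IP)

def translate(rulebase, src, dst):
    """Return (rule name, source address after NAT) for the first matching rule."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_net, dst_net, xlate in rulebase:
        if s in src_net and d in dst_net:
            return name, xlate or src
    return None, src  # no rule matched: source is left untranslated

def shadowed(rulebase):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, (name, src_net, dst_net, _) in enumerate(rulebase):
        for _, e_src, e_dst, _ in rulebase[:i]:
            if src_net.subnet_of(e_src) and dst_net.subnet_of(e_dst):
                hidden.append(name)
                break
    return hidden

GOOD = NO_NAT + [HIDE]   # exceptions first, hide rule at the very bottom
BAD = [HIDE] + NO_NAT    # hide rule first: every exception is shadowed

if __name__ == "__main__":
    for dst in ("10.1.1.1", "203.0.113.10"):  # constructed destinations
        print(dst, translate(GOOD, "10.20.30.40", dst),
              translate(BAD, "10.20.30.40", dst))
    print("shadowed in BAD:", shadowed(BAD))
```

Running a shadow check like this against an exported rule list before installing policy catches the ordering mistake where the broad hide rule sits above its exceptions.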
