topic Re: NAT based on URL or FQDN in General Topics https://live.paloaltonetworks.com/t5/general-topics/nat-based-on-url-or-fqdn/m-p/31710#M23191 <HTML><HEAD></HEAD><BODY><P>The NAT rule can be specified for Destination Address Object, which can be configured to be an FQDN address object. This setting should work as long as the Palo Alto is able to do a FQDN lookup succesfully for the specified FQDN.</P><P></P><P>However, as long as the FQDN resolves to the same IP you may not be able to have them translated to different Inside servers.</P><P></P><P>The reason being, if multiple FQDNs resolve to the same Public IP, having different NAT rules will create a conflict when setting the NAT rule. The firewall irrespective of whether we have the FQDN or actual IP will still store the IP in the running config, having multiple NAT rules with the same Ip will create a conflict.</P></BODY></HTML> Wed, 30 Oct 2013 23:42:17 GMT Chatri 2013-10-30T23:42:17Z NAT based on URL or FQDN https://live.paloaltonetworks.com/t5/general-topics/nat-based-on-url-or-fqdn/m-p/31709#M23190 <HTML><HEAD></HEAD><BODY><P>Hi, I want to make a NAT based on a URL or FQDN.</P><P>I only have one public IP but several URL that I want to NAT to different inside servers.</P><P>I have this working on a ISA and want to do the same in the PA.</P><P></P><P>I have a PA 500 with 5.0.8.</P></BODY></HTML> Wed, 30 Oct 2013 17:35:34 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-based-on-url-or-fqdn/m-p/31709#M23190 jose.chaves 2013-10-30T17:35:34Z Re: NAT based on URL or FQDN https://live.paloaltonetworks.com/t5/general-topics/nat-based-on-url-or-fqdn/m-p/31710#M23191 <HTML><HEAD></HEAD><BODY><P>The NAT rule can be specified for Destination Address Object, which can be configured to be an FQDN address object. This setting should work as long as the Palo Alto is able to do a FQDN lookup succesfully for the specified FQDN.</P><P></P><P>However, as long as the FQDN resolves to the same IP you may not be able to have them translated to different Inside servers.</P><P></P><P>The reason being, if multiple FQDNs resolve to the same Public IP, having different NAT rules will create a conflict when setting the NAT rule. The firewall irrespective of whether we have the FQDN or actual IP will still store the IP in the running config, having multiple NAT rules with the same Ip will create a conflict.</P></BODY></HTML> Wed, 30 Oct 2013 23:42:17 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-based-on-url-or-fqdn/m-p/31710#M23191 Chatri 2013-10-30T23:42:17Z