https://live.paloaltonetworks.com/t5/general-topics/feature-request-thoughts-around-nat-selection/m-p/226791#M65292 <P>Thought I would give it a try</P><P>&nbsp;</P><P>Default Outbound NAT DST - 0 Dynamic IP/Port 325 257723 36472 4<BR />Default Outbound NAT DST - 1 Dynamic IP/Port 325 257723 36472 4<BR />Default Outbound Non Prod - 0 Dynamic IP/Port 0 258048 36472 4<BR />Default Outbound Non Prod - 1 Dynamic IP/Port 0 258048 36472 4<BR />Default Outbound - 0 Dynamic IP/Port 325 257723 36472 4<BR />Default Outbound - 1 Dynamic IP/Port 325 257723 36472 4</P><P>&nbsp;</P><P>seems like it groups all the same ip address together you can see the top 2 and the bottom 2 match the same port count use</P><P>&nbsp;</P><P>&nbsp;</P><P>thats good</P> Sat, 11 Aug 2018 05:27:40 GMT Alex_Samad 2018-08-11T05:27:40Z https://live.paloaltonetworks.com/t5/general-topics/feature-request-thoughts-around-nat-selection/m-p/226790#M65291 <P>Hi</P><P>&nbsp;</P><P>I have 2 NAT pools, actually 4, cause for HA each pool is doubled - does that make sense.</P><P>&nbsp;</P><P>1 pool is on a.b.c.13 and the second is on a.b.c.113.</P><P>&nbsp;</P><P>All good. what I would like to do is say</P><P>&nbsp;</P><P>going out internet interface from src group "out via non prod" nat to a.b.c.113</P><P>going out internet interface from src group "inside ip address" nat to a.b.c.13</P><P>&nbsp;</P><P>&nbsp;</P><P>but&nbsp; there are some addresses that need to only go via the prod ip (a.b.c.13).</P><P>&nbsp;</P><P>what i found is I can't in my destination selection use a negative address range (I think this would be a good idea - thought I would float here before talking to the SE).</P><P>&nbsp;</P><P>my other alternative is&nbsp;</P><P>&nbsp;</P><P><SPAN>going out internet interface from src group "inside ip address" and destination "is nat only dst"nat to a.b.c.13</SPAN></P><P>going out internet interface from src group "out via non prod" nat to a.b.c.113</P><P>going out internet interface from src group "inside ip address" nat to a.b.c.13</P><P>&nbsp;</P><P>but I am not sure how it would having 2 active pools on the same address is that allowed, i am guessing it is cause i actually have</P><P>&nbsp;</P><P>bound to node 0 on active active</P><P>going out internet interface from src group "out via non prod" nat to a.b.c.113</P><P>going out internet interface from src group "inside ip address" nat to a.b.c.13</P><P>&nbsp;</P><P>bound to node 1 on active active</P><P>going out internet interface from src group "out via non prod" nat to a.b.c.113</P><P>going out internet interface from src group "inside ip address" nat to a.b.c.13</P><P>&nbsp;</P><P>so if node 1 or node 0 fails there would be 2 sete of active pools on the same node ?</P><P>&nbsp;</P> Sat, 11 Aug 2018 05:14:01 GMT https://live.paloaltonetworks.com/t5/general-topics/feature-request-thoughts-around-nat-selection/m-p/226790#M65291 Alex_Samad 2018-08-11T05:14:01Z https://live.paloaltonetworks.com/t5/general-topics/feature-request-thoughts-around-nat-selection/m-p/226791#M65292 <P>Thought I would give it a try</P><P>&nbsp;</P><P>Default Outbound NAT DST - 0 Dynamic IP/Port 325 257723 36472 4<BR />Default Outbound NAT DST - 1 Dynamic IP/Port 325 257723 36472 4<BR />Default Outbound Non Prod - 0 Dynamic IP/Port 0 258048 36472 4<BR />Default Outbound Non Prod - 1 Dynamic IP/Port 0 258048 36472 4<BR />Default Outbound - 0 Dynamic IP/Port 325 257723 36472 4<BR />Default Outbound - 1 Dynamic IP/Port 325 257723 36472 4</P><P>&nbsp;</P><P>seems like it groups all the same ip address together you can see the top 2 and the bottom 2 match the same port count use</P><P>&nbsp;</P><P>&nbsp;</P><P>thats good</P> Sat, 11 Aug 2018 05:27:40 GMT https://live.paloaltonetworks.com/t5/general-topics/feature-request-thoughts-around-nat-selection/m-p/226791#M65292 Alex_Samad 2018-08-11T05:27:40Z