NAT - with URL for NAT policy

Reply
Highlighted
L1 Bithead

NAT - with URL for NAT policy

Hello Folks, 

 

I need some advice ....

 

I want to create a NAT rule to allow traffic to NOT be NATTED if it is going to a particular website. 

e.g. if going to www.paloaltonetworks.com then dont NAT.

 

Is it possible to use URL objects for in a NAT policy??

 

Please could someone suggest how this can be done, or send me some useful links for doing this?

 

Thanks

Tags (2)
L0 Member

Re: NAT - with URL for NAT policy

You can use fully qualified domain names as targets/source for your NAT rules e.g. google.com

You can't use HTTP urls e.g. www.google.com/examplepage as URL processing happens after NAT is completed.

 

Is that what you were after?

L4 Transporter

Re: NAT - with URL for NAT policy

That is a particularly odd request.  Do you mind me asking the what the use case is?

L1 Bithead

Re: NAT - with URL for NAT policy

It's for a service that is available over leased line well as the internet. I want to use the leased line for these services instead of using the default NAT statement for the internet.
L4 Transporter

Re: NAT - with URL for NAT policy

You could put the leased line in it's own zone and just exclude it from your NAT statements.

 

Example - (zones USERS, LEASED, INTERNET)

 

src USERS -> dst LEASED = NO NAT  (this statement probably not necessary since it's already routed?)

src USERS -> dst INTERNET = NAT

 

 

 

L4 Transporter

Re: NAT - with URL for NAT policy

If I understand what you are going for you may be able to use policy based forwarding to direct the traffic to the zone/interface of your choosing instead of out to the internet

L1 Bithead

Re: NAT - with URL for NAT policy

Thanks, I simply created a new DMZ for the leased line

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!