I need some advice ....
I want to create a NAT rule to allow traffic to NOT be NATTED if it is going to a particular website.
e.g. if going to www.paloaltonetworks.com then dont NAT.
Is it possible to use URL objects for in a NAT policy??
Please could someone suggest how this can be done, or send me some useful links for doing this?
Solved! Go to Solution.
You can use fully qualified domain names as targets/source for your NAT rules e.g. google.com
You can't use HTTP urls e.g. www.google.com/examplepage as URL processing happens after NAT is completed.
Is that what you were after?
You could put the leased line in it's own zone and just exclude it from your NAT statements.
Example - (zones USERS, LEASED, INTERNET)
src USERS -> dst LEASED = NO NAT (this statement probably not necessary since it's already routed?)
src USERS -> dst INTERNET = NAT
If I understand what you are going for you may be able to use policy based forwarding to direct the traffic to the zone/interface of your choosing instead of out to the internet
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!