I have imported an ASA configuration and for 2 security rules I see the information message that the NAT rule modified the destination address of the security rule, however, it only did this on the DMZ zone for 2 addresses and not the inside zone. Is there anything we can do to make the MT change all destination addresses for security rules that have NAT? Here is a screen capture of my message:
We are currently checking if the objects used in the dnat is the same used as a destination on the security rule. If the objects matches then we replace them. If you are using Ip address in the rules and objects in Nat then they will not match and the tool not be able to replace them. We will improve this in 4.0 to check ip address instead.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!