What are you trying to accomplish?
I use 2 NAT rules for the same device via schedules. Off work hours, depending on the console I want to use, I change the rules for which console gets the 1:1 public IP mapping.
During work hours when the console is sleeping, or pulling updates, it can sit behind everything.
I am trying to allow a printer on our network to scan to a file server folder on an external network, which is easy: I can create a NAT rule that allows this with no problem. The issue is that a print server on that same remote server has a NAT rule to allow an application from their remote network to print to the same printer on our local network. This all occurs across an IPSec tunnel on the PA, and the source and destination are NATted IPs. It's a direction issue: the scan-to-network goes from trust to VPN and the print server to internal printer goes the other way, VPN to untrust. One printer, two functions only works with two NAT rules and it's not on a schedule; this solution needs to be applied to over 50 different printers.
If it's working under an existing security rule then whether or not you create a separate one for it is really just an administration decision. Personally I like to keep my rulebase as detailed as possible so I know exactly what the rule is supposed to be allowing, but I know others prefer to keep a cleaner rulebase that isn't as detailed.
@BPry So what is your opinion about using a bidirectional NAT on the application-to-print rule to allow access for the scan to the file folder, which I guess I would have to add the file server to? I don't like it, but my boss asked me to look at it so there aren't so many rules that need to be added.
What are the pros and cons of using a bidirectional NAT and combining these two rules? Won't it keep the application-to-printer working when the scan-to-network folder is being used? Is a bidirectional NAT rule less secure? The scan-to-network would then have access to servers it doesn't even scan to, and the app-to-printer would have access to a file server it never uses. Anyway, looking for the best way to do these two functions, both in security and in the number of rules needed.
I'd be hesitant to really give an opinion on that without knowing more about how the NAT entry is actually configured. Keeping in mind that bi-directional NATs effectively create the same NAT statement in reverse from the firewall's aspect, that checkbox can create security issues if not properly configured.
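As an added illustration of what BPry describes (not code from the thread or from Palo Alto), here is a small Python model of NAT rule matching that expands a bi-directional static source NAT into its implied reverse rule. All addresses are constructed, and the model assumes the implied rule matches any source address arriving from any zone, which is why the security policy, not the NAT rule, is what limits who can reach the printer.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses; zone names "trust" and "VPN" come from the thread.
PRINTER_PRIVATE = "10.1.1.50"    # printer's real address
PRINTER_PUBLIC = "192.0.2.50"    # its 1:1 NAT address as seen across the tunnel
PRINT_SERVER = "172.16.9.10"     # remote print server
FILE_SERVER = "172.16.9.20"      # remote scan-to-folder file server
RANDOM_REMOTE = "172.16.9.99"    # some other host on the remote network

@dataclass(frozen=True)
class NatRule:
    name: str
    from_zone: str              # "any" acts as a wildcard in every match field
    to_zone: str
    src: str
    dst: str
    src_xlate: Optional[str]    # static source translation (None = none)
    dst_xlate: Optional[str]    # static destination translation (None = none)
    bidirectional: bool = False

    def matches(self, from_zone, to_zone, src, dst):
        fields = ((self.from_zone, from_zone), (self.to_zone, to_zone),
                  (self.src, src), (self.dst, dst))
        return all(rule == "any" or rule == value for rule, value in fields)

def expand(rules):
    """Return rules plus the implied reverse rule for each bi-directional static NAT.
    Assumption (modelled, not taken from the thread): the reverse rule is
    from any zone into the original source zone, any source, destination =
    the translated address, translated back to the original source."""
    out = []
    for r in rules:
        out.append(r)
        if r.bidirectional and r.src_xlate:
            out.append(NatRule(f"{r.name}(implied)", "any", r.from_zone,
                               "any", r.src_xlate, None, r.src))
    return out

def first_match(rules, from_zone, to_zone, src, dst):
    """Name of the first NAT rule a flow hits, or None (rulebase is ordered)."""
    return next((r.name for r in rules if r.matches(from_zone, to_zone, src, dst)), None)

# Option A: two explicit one-way rules, each scoped to one remote peer.
TWO_RULES = [
    NatRule("scan-out", "trust", "VPN", PRINTER_PRIVATE, FILE_SERVER, PRINTER_PUBLIC, None),
    NatRule("print-in", "VPN", "trust", PRINT_SERVER, PRINTER_PUBLIC, None, PRINTER_PRIVATE),
]
# Option B: one bi-directional 1:1 rule, expanded into what the firewall applies.
ONE_BIDIR = expand([NatRule("printer-1to1", "trust", "VPN", PRINTER_PRIVATE, "any",
                            PRINTER_PUBLIC, None, bidirectional=True)])
```

Compare `first_match(TWO_RULES, "VPN", "trust", RANDOM_REMOTE, PRINTER_PUBLIC)` (no NAT hit) with the same call against `ONE_BIDIR`: the implied rule translates traffic from any remote host, so the allowed peers must be pinned down in the security rulebase.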