I am looking to add around 60+ NAT rules for monitoring over IPsec that requires a policy NAT. I need to have them above another rule in the list for it to work. It is a very messy NAT list that I don't have the freedom to clean up. The NAT entries are being added to a device group in Panorama.
Thanks in advance,
As I understand, in short, you want to add 60+ NAT rule to be above an existing rule.
If that is the situation, you can configure the new NAT rules, and after you are done, clone this existing NAT rule, you can choose to have the new cloned rule to be after any rule you specify. After you clone it, delete old one.
Hope this helps,
You can re-order using the CLI but you can't create rules with sequence numbers to place them where you want in the policy. (That would be a nice feature)
So if you really wanted to get the rules in order as you go, you would have to use a 'move' command after creating each nat rule.
Maybe something like this, depending on what order you want things in.
set device-group <groupname> pre-rulebase nat rules NAT1 .......
move device-group <groupname> pre-rulebase nat rules NAT1 before CURRENTNAT (or you could use 'top' instead of 'before' if you want it first)
set device-group <groupname> pre-rulebase nat rules NAT2 .......
move device-group <groupname> pre-rulebase nat rules NAT2 before CURRENTNAT (or you could use 'after NAT1' if you want it beneath)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!