12-04-2012 07:42 AM
Is this even possible? I know I can see the security rules being hit in the logs but what about the NAT rules?
12-04-2012 09:11 AM
Hi
You can look at the session id from the traffic logs for the session you are interesting in finding the NAT rule for and then go to the CLI and type
show session id (session id number)
and it will give you an output as below and you can look at the NAT rule that it is hitting.
admin@PA-2050> show session id 1
Session 1
c2s flow:
source: 192.168.86.205 [L3-Trusted]
dst: 4.2.2.2
proto: 17
sport: 60968 dport: 53
state: INIT type: FLOW
src user: unknown
dst user: unknown
s2c flow:
source: 4.2.2.2 [L3-Untrusted]
dst: 10.30.6.86
proto: 17
sport: 53 dport: 34370
state: INIT type: FLOW
src user: unknown
dst user: unknown
start time : Mon Dec 3 23:28:12 2012
timeout : 30 sec
total byte count(c2s) : 158
total byte count(s2c) : 229
layer7 packet count(c2s) : 2
layer7 packet count(s2c) : 1
vsys : vsys1
application : dns
rule : rule1
session to be logged at end : True
session in session ager : False
session synced from HA peer : False
address/port translation : source + destination
nat-rule : NAT4Trusted2Untrusted(vsys1)
layer7 processing : enabled
URL filtering enabled : True
URL category : any
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : ethernet1/6
egress interface : ethernet1/3
session QoS rule : N/A (class 4)
DoS rule : L3-Trust2L3-Untrust
Please let us know if this helps.
Thank you
Numan
12-04-2012 09:11 AM
Hi
You can look at the session id from the traffic logs for the session you are interesting in finding the NAT rule for and then go to the CLI and type
show session id (session id number)
and it will give you an output as below and you can look at the NAT rule that it is hitting.
admin@PA-2050> show session id 1
Session 1
c2s flow:
source: 192.168.86.205 [L3-Trusted]
dst: 4.2.2.2
proto: 17
sport: 60968 dport: 53
state: INIT type: FLOW
src user: unknown
dst user: unknown
s2c flow:
source: 4.2.2.2 [L3-Untrusted]
dst: 10.30.6.86
proto: 17
sport: 53 dport: 34370
state: INIT type: FLOW
src user: unknown
dst user: unknown
start time : Mon Dec 3 23:28:12 2012
timeout : 30 sec
total byte count(c2s) : 158
total byte count(s2c) : 229
layer7 packet count(c2s) : 2
layer7 packet count(s2c) : 1
vsys : vsys1
application : dns
rule : rule1
session to be logged at end : True
session in session ager : False
session synced from HA peer : False
address/port translation : source + destination
nat-rule : NAT4Trusted2Untrusted(vsys1)
layer7 processing : enabled
URL filtering enabled : True
URL category : any
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : ethernet1/6
egress interface : ethernet1/3
session QoS rule : N/A (class 4)
DoS rule : L3-Trust2L3-Untrust
Please let us know if this helps.
Thank you
Numan
12-06-2012 11:51 AM
Hi,
You can use the following command as well to see the user as what rule he would hit going to a particular destination.
admin@PA-500> test nat-policy-match source 192.168.1.25 destination 4.2.2.2 destination-port 80 protocol 6
Thanks,
Syed Hasnain
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
