Identified User and NAT

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Identified User and NAT

L4 Transporter

Hi,

for certain of our users is it aloud to use firefox. they are identified by their username. But if the want to go to internet they have to be "NATted" . It is possible and when how to create a NAT-Rule? What is known:  username and the application.

NAT-question.PNG.png

Best regards

Klaus

1 accepted solution

Accepted Solutions

Hello Kdd,

User names or User groups are defined in the security policy.

In the Nat rules the options available are source IPs and source zone and destination zone to indicate Nat rules. Later select source Nat or destination Nat.

Nat need not have the Usernames because all this is controlled from the security rules ie user and custom application ( firefox browser here )

Docs would help:

Understanding PAN-OS NAT

Security Policy Guidelines

View solution in original post

5 REPLIES 5

L4 Transporter

you could create a nat rule base on group or username and base on an custom application

custom application with signature base on the user-agent header that contain firefox.

L4 Transporter

we use PAN-OS 5.0.5 and in NAT-Rules there is no column for users.

Nat.PNG.png

the custom application still exists.

Hello Kdd,

User names or User groups are defined in the security policy.

In the Nat rules the options available are source IPs and source zone and destination zone to indicate Nat rules. Later select source Nat or destination Nat.

Nat need not have the Usernames because all this is controlled from the security rules ie user and custom application ( firefox browser here )

Docs would help:

Understanding PAN-OS NAT

Security Policy Guidelines

Yes I agree

  • 1 accepted solution
  • 4665 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!