01-23-2014 05:04 AM
Hi,
for certain of our users is it aloud to use firefox. they are identified by their username. But if the want to go to internet they have to be "NATted" . It is possible and when how to create a NAT-Rule? What is known: username and the application.
Best regards
Klaus
01-23-2014 06:37 AM
Hello Kdd,
User names or User groups are defined in the security policy.
In the Nat rules the options available are source IPs and source zone and destination zone to indicate Nat rules. Later select source Nat or destination Nat.
Nat need not have the Usernames because all this is controlled from the security rules ie user and custom application ( firefox browser here )
Docs would help:
01-23-2014 05:45 AM
you could create a nat rule base on group or username and base on an custom application
custom application with signature base on the user-agent header that contain firefox.
01-23-2014 06:00 AM
to create your custom app
and to identify user you need user id
01-23-2014 06:24 AM
we use PAN-OS 5.0.5 and in NAT-Rules there is no column for users.
the custom application still exists.
01-23-2014 06:37 AM
Hello Kdd,
User names or User groups are defined in the security policy.
In the Nat rules the options available are source IPs and source zone and destination zone to indicate Nat rules. Later select source Nat or destination Nat.
Nat need not have the Usernames because all this is controlled from the security rules ie user and custom application ( firefox browser here )
Docs would help:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
