- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-25-2021 11:07 AM
We are going to change a source and destination NAT policy. Assuming the related security policies are in place for both the before and after change connections, are we going to see impacts to those sessions that have been active before the NAT change?
For example, the NAT is to change connection source and destination from (10.1.1.1 to 10.11.11.11) to (10.2.2.2 to 10.22.22.22). Now the NAT is changed from (10.2.2.2 to 10.22.22.22) to (10.3.3.3 to 10.33.33.33). Will the connections from (10.1.1.1 to 10.11.11.11) that have been active before this change keep working (based on the existing sessions in the session table)? In other words, will firewall immediately purge all the related sessions affected by that NAT change?
02-26-2021 04:27 AM
if you have session rematch enabled the existing sessions will be re-evaluated against the rules after each commit
if existing sessions need to persist you'll need to turn that off before making the change
03-04-2021 01:04 PM
Thanks for the reply. It sounds logical but the session rematch documentation says it is for "security policy". Is "NAT policy" also part of the rematch?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!