NAT - with URL for NAT policy

L2 Linker

Hello Folks, 

 

I need some advice ....

 

I want to create a NAT rule to allow traffic to NOT be NATTED if it is going to a particular website. 

e.g. if going to www.paloaltonetworks.com then don't NAT.

 

Is it possible to use URL objects in a NAT policy?

 

Please could someone suggest how this can be done, or send me some useful links for doing this?

 

Thanks

Accepted Solutions

You could put the leased line in its own zone and just exclude it from your NAT statements.

 

Example - (zones USERS, LEASED, INTERNET)

 

src USERS -> dst LEASED = NO NAT  (this statement probably not necessary since it's already routed?)

src USERS -> dst INTERNET = NAT

 

 

 


L0 Member

You can use fully qualified domain names as targets/source for your NAT rules e.g. google.com

You can't use HTTP URLs, e.g. www.google.com/examplepage, as URL processing happens after NAT is completed.

 

Is that what you were after?

That is a particularly odd request.  Do you mind me asking what the use case is?

It's for a service that is available over a leased line as well as the internet. I want to use the leased line for these services instead of using the default NAT statement for the internet.

L4 Transporter

If I understand what you are going for, you may be able to use policy-based forwarding to direct the traffic to the zone/interface of your choosing instead of out to the internet.

Thanks, I simply created a new DMZ for the leased line
