- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
04-09-2019 03:00 AM
Hello Folks,
I need some advice ....
I want to create a NAT rule to allow traffic to NOT be NATTED if it is going to a particular website.
e.g. if going to www.paloaltonetworks.com then dont NAT.
Is it possible to use URL objects for in a NAT policy??
Please could someone suggest how this can be done, or send me some useful links for doing this?
Thanks
04-09-2019 07:36 AM
You could put the leased line in it's own zone and just exclude it from your NAT statements.
Example - (zones USERS, LEASED, INTERNET)
src USERS -> dst LEASED = NO NAT (this statement probably not necessary since it's already routed?)
src USERS -> dst INTERNET = NAT
04-09-2019 05:08 AM
You can use fully qualified domain names as targets/source for your NAT rules e.g. google.com
You can't use HTTP urls e.g. www.google.com/examplepage as URL processing happens after NAT is completed.
Is that what you were after?
04-09-2019 06:31 AM
That is a particularly odd request. Do you mind me asking the what the use case is?
04-09-2019 07:02 AM
04-09-2019 07:36 AM
You could put the leased line in it's own zone and just exclude it from your NAT statements.
Example - (zones USERS, LEASED, INTERNET)
src USERS -> dst LEASED = NO NAT (this statement probably not necessary since it's already routed?)
src USERS -> dst INTERNET = NAT
04-09-2019 08:28 AM
If I understand what you are going for you may be able to use policy based forwarding to direct the traffic to the zone/interface of your choosing instead of out to the internet
04-27-2019 02:54 PM
Thanks, I simply created a new DMZ for the leased line
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!