NAT from source IP by FQDN

PeterUK
PeterUK Posts: 3,461  Guru Member
100 Answers 2500 Comments Friend Collector Seventh Anniversary
edited July 2 in Security Ideas

When making a NAT rule for Virtual Server your able to select for source IP a FQDN which would allow a dynamic connection by given FQDN to IP to match the NAT rule.

WILDCARD FQDN are not selectable.


2 votes

Active · Last Updated

Comments

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    NAT <> Virtual Host.
    NAT chews only IPs, no hostnames.
  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    mMontana said:
    NAT <> Virtual Host.
    NAT chews only IPs, no hostnames.

    You don't get how a FQDN works like say pingbox1.thinkbroadband.com as a FQDN the USG does a lookup for the IP


  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    You're probably right.
    I'll gladly read the lecture, if you will write it when you'll have enough time. :)
  • Thanks Peter, do you refer to security policy? It's the only rules where I can specify a source IP as FQDN, but if I set this I can't set the dest. port and I wouldn't that this has effect for all NAT because I have some port forwarding without restriction and other with this source restriction.

    Thanks in advance

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited February 8

    The idea is for the NAT rule to have select traffic by source FQDN go to a port like port 80 at say 192.168.0.2 but with another rule below for port 80 to have any other traffic go to 80 192.168.0.80

    there is a way you can do the above but needs a VLAN switch and another USG and not with NEBULA

    if your not needing that then you can use security policy