[NEBULA] Add extra external IP and map service

Hi @Nebula_Irene

I have been configuring my NSG this way, having 3 public IPs for my servers. Inbound access works fine but I am having the issue that for any outbound traffic, it does not use the public IP of the Virtual server but rather the public IP of the NSG.
This causes issues with an email server where the MX record does not match the public IP of the mail server, hence outbound emails are considered spam and not delivered. I could help myself with an SPF record that included the public IP of the NSG. 

Nonetheless, I was wondering how I could make it working without configuring 1-1 NAT, where this can be solved but at the price of having no security policies protecting my servers behind the NSG.

Being an "ex USG" user, I must admit that the NSG is still very confusing for me. I am missing the possibilities of 1-1 NAT and firewall rules to restrict inbound traffic. Could it be that I do not understand how to setup my NSG properly? Is there any documentation with examples for above scenario? Appreciate your help.

Regards
Walter

Hi @Nebula_Chris

thanks for your help. I've set it up and it works fine. 

I've also figured out that you can add several destination addresses, separating them by a comma and also several ports into the same rule. This comes closer to the "objects" definitions with the USG.

Nonethless, one thing that I do not understand is why for the above configuration, the GUI section of Security Policy refers to "Outbound rules", which they are not when I seem to configure inbound rules.
For inbound rules, it states "Inbound traffic will be restricted to this service in NAT settings".
This is the reason why I did not even consider using the security policies for my scenario.

Is there any "reference" manual of the UI that explains every configuration in more details? Together with a couple of examples, this would be very useful for many users.

Kind regards
Walter