3 Replies Latest reply on May 1, 2014 7:46 AM by mtuma

    Source NAT to "Firewall (IP)"

    timchampion

      Hi, I'm trying to better understand the rulebase on our Sidewinders and can see a number of rules that have the source NAT field set to "Firewall (IP)", which a mouse-hover shows as 127.0.0.1. I'm trying to understand in what scenarios you'd want to set the source address of a flow to 127.0.0.1. All I've come up with is a way to prevent the traffic from being forwarded... Any advice much appreciated!!

      Thanks,

      Tim

        • 1. Re: Source NAT to "Firewall (IP)"

          Hello,

          Typically you would want the source NAT set to "<localhost> (Host)", which automatically NATs to the outgoing interface. Can you tell what the traffic is actually being NATted to when using "Firewall (IP)"? If it is indeed NATting to 127.0.0.1 then I would expect that to fail.

          -Matt

          • 2. Re: Source NAT to "Firewall (IP)"
            timchampion

            Matt, they're very generic rules and I'm struggling to know if anything's hitting them. Is there a way from the audit view to show the rule ID that a particular flow hit?

            Cheers,

            Tim

            • 3. Re: Source NAT to "Firewall (IP)"

              Every time a rule is hit it will be audited (by default). There are a few easy ways to check to see if they are being hit:

              1) On the Dashboard there are tabs for most frequently used Applications, Threats, Policy, etc. Go to the Policy tab and that may show you if the rules are being hit.

              2) If you right click on the rule itself you should be able to View Audit associated with that rule.

              Hope this helps,

              Matt