3 Replies Latest reply on May 1, 2014 7:46 AM by mtuma

    Source NAT to "Firewall (IP)"


      Hi, I'm trying to better understand the rulebase on our Sidewinders and can see a number of rules that source NAT field set to "Firewall (IP)" which a mouse-hover shows as I'm trying to understand in what scenarios you'd want to set the source address of a flow to All I've come up with is a way to prevent the traffic from being forwarded...... Any advise much appreciated!!





        • 1. Re: Source NAT to "Firewall (IP)"



          Typically you would want the source NAT set to "<localhost> (Host)", which automatically NATs to the outgoing interface. Can you tell what the traffic is actually being NATted to when using "Firewall (IP)"? If it is indeed NATting to then I would expect that to fail.




          • 2. Re: Source NAT to "Firewall (IP)"

            Matt, they're very generic rules and I'm struggling to know if anything's hitting them. Is there a way from the audit view to show the rule ID that a particular flow hit?





            • 3. Re: Source NAT to "Firewall (IP)"

              Every time a rule is hit it will be audited (by default). There are a few easy ways to check to see if they are being hit:


              1) On the Dashboard there are tabs for most frequently used Applications, Threats, Policy, etc. Go to the Policy tab and that may show you if the rules are being hit.


              2) If you right click on the rule itself you should be able to View Audit associated with that rule.


              Hope this helps,