      Hi Guys,


      Just wondering if it is possible to perform NAT based on the Incoming IP and Domain name?


      Basically, what I would like to do is have a single IP with 10 websites behind the IP. My NAT rule should consist of a source IP and a domain name to match the incoming header.




          This is not possible, since the payload cannot yet be inspected at the point when the NAT decision is made. So NAT can only be done based on source, destination and service. I'm unsure anyway what you would like to accomplish with such a setup: source NAT to different IPs based on the website for some reason? I assume you use SNI on the server side to choose which website is served to the client, so all websites can be served on the same port.




            Are you perhaps talking about reverse-proxy-type operation? NGFW has SSL VPN functionality that can allow users to log in to the SSL VPN portal and then click icons to connect to servers behind the NGFW engine, but that's probably not what you're looking for. If you are looking for reverse proxy operation, McAfee Web Gateway would be able to do that.




              Tero, a reverse proxy is what I am thinking of, but I am now realizing that this actually is not possible, and if the firewall did perform this it would be a waste of its resources. Inurmi, thanks as well.


              Thank you again for your replies.