SonicOS 7 Rules and Policies

About FQDN-based NAT

SonicOS supports NAT policies using FQDN Address Objects for the original source/destination.

Use cases include:

  • Specifying public IP addresses with FQDN to a local server

  • Specifying a public server with FQDN for consistency across replacement with a server that has a known IP address

  • Routing traffic from/to a FQDN to have a source IP address other than the outbound interface IP.

The following functionality is supported:

  • The original source/destination can be a pure FQDN or an address group with FQDN(s) and other IPv4 or IPv6 addresses, depending on the IP version of the NAT policy. A new FQDN address object can be directly created from the POLICY | Rules and Policies > NAT Rules page.

    FQDN is not supported for the translated source/destination.

  • IP version options are provided for a NAT policy only if the version is ambiguous based on settings for original/translated source/destination fields. Either IPv4 or IPv6 must be selected.
  • Mousing over an FQDN object of a NAT policy displays the IP addresses in the same IP version as the NAT policy.
  • When NAT translation is performed, only the IP addresses in the NAT's IP version are considered.
  • The Advanced page is disabled if FQDN is used in either or both the original source/destination fields.

    If probing is enabled and/or the NAT method is configured to a non-default value such as Sticky IP, neither of original source/destination address objects can be modified to contain an FQDN.

  • FQDN based NAT policies are supported in High Availability configurations.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.