About FQDN-based NAT

SonicOS supports NAT policies using FQDN Address Objects for the original source/destination.

Use cases include:

• Specifying public IP addresses with FQDN to a local server

• Specifying a public server with FQDN for consistency across replacement with a server that has a known IP address

• Routing traffic from/to a FQDN to have a source IP address other than the outbound interface IP.

The following functionality is supported:

• The original source/destination can be a pure FQDN or an address group with FQDN(s) and other IPv4 or IPv6 addresses, depending on the IP version of the NAT policy. A new FQDN address object can be directly created from the POLICY | Rules and Policies > NAT Policy page.

  FQDN is not supported for the translated source/destination.

• IP version options are provided for a NAT policy only if the version is ambiguous based on settings for original/translated source/destination fields. Either IPv4 or IPv6 must be selected.
• Mousing over an FQDN object of a NAT policy displays the IP addresses in the same IP version as the NAT policy.
• When NAT translation is performed, only the IP addresses in the NAT's IP version are considered.

• The Advanced page is disabled if FQDN is used in either or both the original source/destination fields.

  If probing is enabled and/or the NAT method is configured to a non-default value such as Sticky IP, neither of original source/destination address objects can be modified to contain an FQDN.

• FQDN based NAT policies are supported in High Availability configurations.