Unable to edit NAT-Firewall rule

It is by design. To be able to change the NAT rule for a firewall rule, you need to:

• Unlink the NAT rule from the NAT tab
• Link a new NAT rule from the NAT tab to an existing firewall rule

Feedbacks:

Please:

• Allow to edit and link the NAT rule from the Firewall rule
• From the Firewall rule, use the white space by providing information about the NAT rule you are linking to the rule. For example, NAT_NAME where a "i" information icon is availble and we can see the NAT rule proprierties without moving back and forth from NAT Tab.

Thanks

You do not need to link a NAT rule to a FW rule. NAT rules operate on the matching criteria. NAT Rule linking was a needed step for migration. You do not need to unlink rules if you want to keep the same kind of setup you had previously. We would suggest however that over time you unlink rules and create NAT rules based on matching criteria. It may look complicated at first but it is actually more powerful and elegant.

If you have 100 FW rules now, and they are all MASQ rules that will mean 100 Linked NAT rules are created on migration. However it is very likely you could reduce this to a single SNAT rule which applies to all 100 FW rules by the matching criteria.

PMStuart 

I  do not agree on this. Admins should be able to change the NAT from the Firewall rule also and not only from NAT tab. Also, from the Firewall rule, there should be a way to view information about the linked NAT rule. A name is not enough!

Thanks

I am working with V18 since couple of weeks and i do not use any Linked NAT Rules anymore. 

Would recommend to work with NAT Rules, which uses the Interface Criteria (for example WAN outbound).

You can actually use a default NAT Rule on the bottom with Matching Interface WAN and SNAT enabled (MASQ). So you would reduce the need of a Linked NAT Rule from X Rules to 1. 

LuCar Toni 

Do you read what I am complaining?

Please read carefully! Suggested answer is very bad.

I am just trying to point to a direction, which could lead to a much simpler rule set. 

If you want to work with Linked NAT Rule, then i would confirm this issue. 

But if you want to migrate to a one rule set setup, this would the way to go.

This would also solve your other issue.

That would be the Rule, which i am suggest. 

I am just trying to point to a direction, which could lead to a much simpler rule set. 

If you want to work with Linked NAT Rule, then i would confirm this issue. 

But if you want to migrate to a one rule set setup, this would the way to go.

This would also solve your other issue.

That would be the Rule, which i am suggest. 

LuCar Toni 

I am not complaining to remove the NAT rule tab or to change the NAT linked behaviour but I am complaining that a single way to edit or unlink or change the NAT only from NAT tab is UNACCEPTABLE.

NAT rule editing, linking shall be available even from FIREWALL RULE.

I hope it is clear now.

I completely agree that after migration, you can unlink all NAT migrated and link a single NAT to all firewall rule.

lferrara said:

I am not complaining to remove the NAT rule tab or to change the NAT linked behaviour but I am complaining that a single way to edit or unlink or change the NAT only from NAT tab is UNACCEPTABLE.

NAT rule editing, linking shall be available even from FIREWALL RULE.

I totally agree with this.

What about a "Automatic firewall rule" checkbox like in UTM, when you create the NAT rule?