Feature Request - Clone NAT Rules

Please add the ability to clone NAT rules. Thanks.

  • I was going to ask for this feature but then I thought to myself why? Why would you ever want to clone a NAT rule? Most NAT rules are tied and automatically created within a firewall rule. A rule or two that you create as a generic NAT rule will cover most of the other needs.

    Not arguing against the capability as it already exists in UTM, was just wondering in context of XG.

    Regards

  • I like the idea of cloning the NAT. Think about when you need to publish to the same server with the same IP listener but services (outside and inside) are different.

  • Yes for DNAT. For regular NAT, the rules are tied to firewall rules, so how would you clone those? The only ones that can be cloned are user-created rules, and you probably won't have many.

    In any case, more flexibility is always a good thing. I was just wondering about the thought process on why this is needed.

    Regards

    Bill

  • One of the main features of v18 is that NAT rules have been decoupled from firewall rules. Or I just do not understand your point.

    People in the Sophos world are just TOO accustomed to this "Linked NAT & each firewall rule with its own NAT rule" nonsense.

    But again, most users and businesses will get 2, 3, maybe 5 NAT rules in the end? And here I mean bidirectional NAT rules. Compared to maybe hundreds of firewall rules. I just do not get why one would want to clone NAT rules. Unless maybe they would have 10 Exchange servers with each of them having their own public IP address?

    Really, what we need is an auto NAT rule generator.  And NAT templates.

    Paul Jr  

  • Ha, you make me laugh with your snide remarks and the irony that goes with it. 

    NAT is presented in a way that is too confusing in v18. I have deleted my vm so I am going by memory here... When you create a firewall rule, there is still an option to create a corresponding NAT rule. So technically, you can create 100 firewall rules and have 100 NAT rules. You also have an option to create a NAT rule independent of firewall rules. The order of NAT rules will apply in that case and the first rule will apply to most traffic if you have a generic rule like

    NAT LAN to WAN 

    DNAT is still the same but they have moved it to the NAT section. The business rule creation was always too restrictive for me in previous releases so I actually like DNAT in v18 which others don't.

    But your point remains, in a regular firewall, you hardly ever go to NAT section. In XG, you can and will go to NAT section every time you create a firewall rule if that rule is linked :D

    Regards

    Bill

  • Billybob said:

     The business rule creation was always too restrictive for me in previous releases so I actually like DNAT in v18 which others don't.

    Business Rule creation can be improved in a way that you create the Firewall rule and the wizard helps you even on NAT creation in the same window.

  • I don't recall having a generic rule (NAT LAN to WAN) with unlinked firewall policies working. I believe I created a test (basic ping) with no associated / linked NAT and it was not routing out the WAN gateway. I do like the concept of a global SNAT or being able to link a single SNAT to multiple policies. At least they make it easy enough to create / link the NAT in the policy, but it does feel a bit awkward creating SNATs for every LAN to WAN policy...
