
Inter-Segment Routing and DNAT Exceptions

Use this tab to configure inter-segment routing and Destination NAT (DNAT) rules when traffic is crossing between segments.

Starting with Orchestrator release 9.5.1, you can configure rules that allow multiple source segments to connect to one subnet destination. This configuration will form a group of rules. Source segments connected to the same subnet destination must be grouped in one rule. For example, if you select both “Guest” and “IoT” as the Source Segment for a subnet destination, you cannot add another rule that contains either “Guest” or “IoT” for that same destination.
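The grouping constraint above can be checked offline against a list of rules before they are entered. The following is an added example, not Orchestrator code: the row layout, key names, and sample values are constructed for illustration and only mirror the field names on this page, and counting disabled rules toward conflicts is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows; keys mirror the field names on this page.
# This layout is an assumption, not an Orchestrator export format.
SAMPLE_RULES = [
    {"source_segments": ["Guest", "IoT"], "matches_destination_ip": "10.1.20.0/24",
     "send_to_segment": "Servers", "translated_destination_ip": "", "enabled": True},
    {"source_segments": ["Guest"], "matches_destination_ip": "10.1.20.0/24",
     "send_to_segment": "Servers", "translated_destination_ip": "", "enabled": True},
    {"source_segments": ["IoT"], "matches_destination_ip": "10.1.30.5",
     "send_to_segment": "Default", "translated_destination_ip": "192.168.30.5",
     "enabled": False},
]

def normalize_destination(value):
    """Canonical form, so a host IP and equivalent mask notations compare equal."""
    return ipaddress.ip_network(value.strip(), strict=False)

def find_grouping_conflicts(rules):
    """Return (segment, destination, rule indexes) wherever one source segment
    appears in more than one rule for the same destination.
    Assumption: disabled rules still count toward the constraint."""
    seen = defaultdict(list)
    for index, rule in enumerate(rules):
        dest = normalize_destination(rule["matches_destination_ip"])
        for segment in set(rule["source_segments"]):
            seen[(segment, dest)].append(index)
    return sorted(
        (segment, str(dest), indexes)
        for (segment, dest), indexes in seen.items() if len(indexes) > 1
    )

def exposure_by_destination(rules):
    """Map each destination to the source segments that enabled rules let reach it."""
    exposure = defaultdict(set)
    for rule in rules:
        if rule["enabled"]:
            dest = normalize_destination(rule["matches_destination_ip"])
            exposure[str(dest)].update(rule["source_segments"])
    return {dest: sorted(segments) for dest, segments in exposure.items()}

if __name__ == "__main__":
    for segment, dest, indexes in find_grouping_conflicts(SAMPLE_RULES):
        print(f"conflict: {segment!r} appears in rules {indexes} for {dest}")
    for dest, segments in exposure_by_destination(SAMPLE_RULES).items():
        print(f"{dest}: reachable from {segments}")
```

The exposure summary is useful when reviewing which segments are allowed to cross a segmentation boundary to a given destination.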

| Field | Description |
| --- | --- |
| Source Segment | Name of the segment that traffic is initiating from. You can select multiple source segments to create a group of rules. |
| Matches Destination IP | IP address that matches the destination segment IP address, before DNAT. The IP address is included in the defined policy match criteria. |
| Send to Segment | Name of the segment the packets are translated to from the matched destination IP address. This is included in the set criteria. Click in the cell to display the multi-selector, and then select or clear segments. |
| Translated Destination IP | IP address of the DNAT IP address when the segment is translated. NOTE: If DNAT is not needed, this field is empty. |
| Enabled | Indicates whether inter-segment DNAT is enabled or disabled within your segment. You can enable or disable multiple rules. |
| Comment | Any additional information. |

Add a Rule

  1. Click the edit icon to open the Inter-Segment Routing & DNAT dialog box.

  2. Click +Add Rule to add a row to the table.

    NOTE: To edit a rule that is part of a group of rules, you must delete the existing rule from the grouped rule by clearing the segment from the Source Segment list. Click in the Source Segment cell to display the multi-selector, as shown in the following screen capture.

    [Screen capture: Source Segment multi-selector]

  3. Click in any cell to provide the details for the new rule (see field descriptions above).

  4. Click Save to create the new rule or click Cancel to close the dialog box without making any changes.

NOTE: Inter-segment routing & DNAT rules are orchestrated globally to all appliances from this tab. To review rules on individual appliances, click Inter-Segment Routing & DNAT Exceptions and select the appliance in the tree. It is best practice to use only the globally orchestrated rules and avoid using local exceptions per appliance.

Delete a Rule

  1. Click the corresponding delete icon (X). If the rule is a grouped rule, each rule that contains the same source segment is also deleted, so deleting one rule can result in multiple rules being deleted.

  2. Click Save.



© Copyright 2025 Hewlett Packard Enterprise Development LP.
