Inter-Segment Routing and DNAT Exceptions
Use this tab to configure inter-segment routing and Destination NAT (DNAT) rules when traffic is crossing between segments.
Starting with Orchestrator release 9.5.1, you can configure rules that allow multiple source segments to connect to one subnet destination. This configuration will form a group of rules. Source segments connected to the same subnet destination must be grouped in one rule. For example, if you select both “Guest” and “IoT” as the Source Segment for a subnet destination, you cannot add another rule that contains either “Guest” or “IoT” for that same destination.
Field | Description |
---|---|
Source Segment | Name of the segment that traffic is initiating from. You can select multiple source segments to create a group of rules. |
Matches Destination IP | IP address that matches the destination segment IP address, before DNAT. The IP address is included in the defined policy match criteria. |
Send to Segment | Name of the segment the packets are translated to from the matched destination IP address. This is included in the set criteria. Click in the cell to display the multi-selector, and then select or clear segments. |
Translated Destination IP | Destination IP address after DNAT, applied when the segment is translated. NOTE: If DNAT is not needed, this field is empty. |
Enabled | Indicates whether inter-segment DNAT is enabled or disabled within your segment. You can enable or disable multiple rules. |
Comment | Any additional information. |
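
The grouping constraint described above can be checked offline before rules are entered. This is an added example, not Orchestrator code: the rule dictionaries and the `find_group_conflicts` helper are hypothetical, with keys that mirror the table columns, and the check covers only the stated case of a source segment appearing in more than one rule for the same destination.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample rules. Keys mirror the table columns; the dict layout is
# an assumption for this example, not an Orchestrator export format.
RULES = [
    {"source_segments": ["Guest", "IoT"], "matches_destination_ip": "10.1.1.10",
     "send_to_segment": "Servers", "translated_destination_ip": "192.168.50.10"},
    {"source_segments": ["Guest"], "matches_destination_ip": "10.1.1.10/32",
     "send_to_segment": "Servers", "translated_destination_ip": ""},
    {"source_segments": ["IoT"], "matches_destination_ip": "10.1.1.20",
     "send_to_segment": "Servers", "translated_destination_ip": ""},
]


def find_group_conflicts(rules):
    """Return (destination, segment, rule_indexes) for each source segment that
    appears in more than one rule for the same destination."""
    seen = defaultdict(list)  # (destination, segment) -> indexes of rules using it
    for idx, rule in enumerate(rules):
        # Normalise so "10.1.1.10" and "10.1.1.10/32" compare as one destination.
        dest = str(ip_network(rule["matches_destination_ip"], strict=False))
        for segment in set(rule["source_segments"]):
            seen[(dest, segment)].append(idx)
    return sorted((d, s, i) for (d, s), i in seen.items() if len(i) > 1)


if __name__ == "__main__":
    for dest, segment, idxs in find_group_conflicts(RULES):
        print(f"{segment!r} is used for {dest} in rules {idxs}; "
              "merge them into one grouped rule")
```
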
Add a Rule
- Click the edit icon to open the Inter-Segment Routing & DNAT dialog box.
- Click +Add Rule to add a row to the table.
NOTE: To edit a rule that is part of a group of rules, you must delete the existing rule from the grouped rule by clearing the segment from the Source Segment list. Click in the Source Segment cell to display the multi-selector, as shown in the following screen capture.
- Click in any cell to provide the details for the new rule (see field descriptions above).
- Click Save to create the new rule or click Cancel to close the dialog box without making any changes.
NOTE: Inter-segment routing & DNAT rules are orchestrated globally to all appliances from this tab. To review rules on individual appliances, click Inter-Segment Routing & DNAT Exceptions and select the appliance in the tree. It is best practice to use only the globally orchestrated rules and avoid using local exceptions per appliance.
Delete a Rule
- Click the corresponding delete icon (X). If the rule is a grouped rule, each rule that contains the same source segment is also deleted. Deleting one rule could result in multiple rules being deleted.
- Click Save.