Destination NAT Example—One-to-Many Mapping

In this example, one IP address maps to two different internal hosts. The firewall uses the application to identify the internal host to which the firewall forwards the traffic.
[Figure: one public IP address mapped to two internal hosts]
All HTTP traffic is sent to host 10.1.1.100 and SSH traffic is sent to server 10.1.1.101. The following address objects are required:
  • Address object for the one pre-translated IP address of the server
  • Address object for the real IP address of the SSH server
  • Address object for the real IP address of the web server
The corresponding address objects are created:
  • Servers-public: 192.0.2.100
  • SSH-server: 10.1.1.101
  • webserver-private: 10.1.1.100
The NAT rules would look like this:
[Figure: NAT policy rules]
The security rules would look like this:
[Figure: security policy rules]
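
The rules described above, written as PAN-OS configure-mode set commands; this is an added example, not configuration taken from the original page. The zone names untrust and dmz, the rule names, and the service object service-ssh are assumptions. NAT rules match on service (port), while the security rules match the pre-NAT destination address together with the post-NAT destination zone.

```text
# Annotation lines starting with "#" are explanatory and are not CLI input.
# Assumed names (not on the page): zones "untrust" and "dmz", rule names,
# and the service object "service-ssh".

# Address objects listed on the page
set address Servers-public ip-netmask 192.0.2.100/32
set address SSH-server ip-netmask 10.1.1.101/32
set address webserver-private ip-netmask 10.1.1.100/32

# service-http is predefined; SSH needs its own service object (assumed name)
set service service-ssh protocol tcp port 22

# NAT rules: same pre-translated destination, host selected by service.
# The destination zone is the zone where the public address is routed
# before translation, so both "from" and "to" are the external zone.
set rulebase nat rules Dst-NAT-web from untrust to untrust source any destination Servers-public service service-http destination-translation translated-address webserver-private
set rulebase nat rules Dst-NAT-ssh from untrust to untrust source any destination Servers-public service service-ssh destination-translation translated-address SSH-server

# Security rules: destination is still the public (pre-NAT) address object,
# but the destination zone is the zone of the real servers (post-NAT).
# One rule per application keeps SSH from being allowed to the web server path.
set rulebase security rules Allow-web from untrust to dmz source any destination Servers-public application web-browsing service application-default action allow
set rulebase security rules Allow-ssh from untrust to dmz source any destination Servers-public application ssh service application-default action allow
```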
