Hello,
I'm wondering whether it's possible to do destination NAT with a domain name. Something like:
- service1.example.com -> 172.17.1.3 port 80
- service2.example.com -> 172.17.1.4 port 80
There seems to be a discussion on this topic here, but that thread mentions source NAT. I've tried configuring an address in the address book like this:
set security zones security-zone Internet address-book address SERVICE_1 dns-name service1.example.com ipv4-only
Then configuring destination NAT like this:
    description "Destination NAT for Service 1";
    match {
        destination-address-name SERVICE_1;
        destination-port 80;
        protocol tcp;
    }
    then {
        destination-nat {
            pool {
                service-1-server;
            }
        }
    }
However, when I tried committing, I got this error:
[edit security nat destination rule-set dst-nat rule forward-service-1 match]
'destination-address-name'
Can not find address/address-set(SERVICE_1) in default global address book
error: configuration check-out failed
(It seems that the global address book can't be set when there's any zone-specific address book configured, and in my case there are a few addresses set there. Is there any other way?)
Any help would be appreciated.