08-10-2017 06:33 AM
Looking for a way to direct all web traffic (http/https) destined for address proxy.company.com to get directed to a web appliance. Again only looking for traffic destined for proxy.company.com to get directed to the appliance. I'm guessing this can be done with possibly NAT, firewall rule, and possibly a routing instance. Was thinking the NAT rule below or similar would be needed, but unsure about routing instance.
set security nat source rule-set web-traffic-rule from zone trust1
set security nat source rule-set web-traffic-rule to zone trust2
set security nat source rule-set web-traffic-rule rule internet-access match zone trust1
set security nat source rule-set web-traffic-rule rule internet-access match destination-address proxy.company.com
set security nat source rule-set web-traffic-rule rule internet-access match destination-port 443
set security nat source rule-set web-traffic-rule rule internet-access match destination-port 80
set security nat source rule-set web-traffic-rule rule internet-access then source-nat interface
Any help would be greatly appreciated.
08-12-2017 06:13 AM
The feature you need for this is called Filter Based Forwarding, also known as policy based routing. With FBF you check the traffic for whatever criteria you want and then route the traffic based on the rule.
In your case you will look for certain destination ports and forward to a specific address.
This is a configuration example you can use and modify for your specific ports and addresses.
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7
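A filter-based forwarding configuration of the kind the reply above describes, as an added example that is not from the original post or its author. It assumes an SRX in flow mode; the filter, instance and rib-group names, the interface ge-0/0/1, and the addresses 192.0.2.10 (standing in for proxy.company.com) and 198.51.100.2 (the web appliance) are all hypothetical placeholders.

```junos
# Hypothetical values throughout: replace names, interface and addresses.
# 192.0.2.10/32  = address that proxy.company.com resolves to (assumed)
# 198.51.100.2   = next hop toward the web appliance (assumed)
# ge-0/0/1.0     = client-facing interface in zone trust1 (assumed)

# 1. Match only TCP 80/443 destined for the proxy address and hand it
#    to a dedicated forwarding instance.
set firewall family inet filter WEB-TO-APPLIANCE term proxy-web from destination-address 192.0.2.10/32
set firewall family inet filter WEB-TO-APPLIANCE term proxy-web from protocol tcp
set firewall family inet filter WEB-TO-APPLIANCE term proxy-web from destination-port [ 80 443 ]
set firewall family inet filter WEB-TO-APPLIANCE term proxy-web then routing-instance APPLIANCE-RI

# 2. Everything else follows the normal routing table. Without this term
#    the implicit discard at the end of the filter drops all other traffic.
set firewall family inet filter WEB-TO-APPLIANCE term everything-else then accept

# 3. Forwarding-type routing instance whose only job is to point the
#    matched traffic at the appliance.
set routing-instances APPLIANCE-RI instance-type forwarding
set routing-instances APPLIANCE-RI routing-options static route 0.0.0.0/0 next-hop 198.51.100.2

# 4. Copy the directly connected interface routes into the instance so
#    the appliance next hop can be resolved there.
set routing-options rib-groups FBF-RIBS import-rib [ inet.0 APPLIANCE-RI.inet.0 ]
set routing-options interface-routes rib-group inet FBF-RIBS

# 5. Apply the filter inbound on the interface where client traffic arrives.
set interfaces ge-0/0/1 unit 0 family inet filter input WEB-TO-APPLIANCE
```

A firewall filter matches IP prefixes, not hostnames, so the address that proxy.company.com resolves to has to be entered in the filter. The security policy from the ingress zone to the zone of the appliance-facing interface still has to permit the traffic.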
08-13-2017 08:10 PM - edited 08-13-2017 08:11 PM
What if you created a DNS entry for that domain on your DNS server, would that not work? I suppose this is an internal Web Server? And then your internal zone-to-zone policies should allow access?
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit.