Searching and Filtering the NAT Rule Table

You can search and filter the NAT rule table to help you find rules that you need to modify or view. When you filter the table, only matching rules are shown. Note that although the rule numbers change to be sequentially 1, 2, and so forth, filtering does not change the actual rule number or the rule’s location in the table relative to hidden rules. Filtering simply changes what you can see to help you locate rules that interest you.

When editing the NAT policy, you can use the fields above the table to do the following types of search/filter:

  • Filter by Device—Click Filter by Device, then select the devices whose rules you want to see and click OK. Whether a rule applies to a device is determined by the rule's interface constraints. If you specify a security zone or interface group for either the source or destination interface, the rule applies to a device if at least one interface for the device is in the zone or group. If a NAT rule applies to any source and any destination interface, then it applies to all devices.

    If you also do a text or multiple-attribute search, the results are constrained to the selected devices.

    To remove this filter, click Filter by Device and deselect the devices, or select All, and click OK.

  • Simple Text Search—In the Filter box, type a string and press Enter. The string is compared to all values in the rules. For example, if you enter “network-object-1,” which is the name of a network object, you would get rules that use the object in source, destination, and PAT pool attributes.

    For network and port objects, the string is also compared to the contents of the objects used in the rule. For example, if a PAT pool object includes the range 10.100.10.3-10.100.10.100, searching on either 10.100.10.3 or 10.100.10.100 (or a partial 10.100.10) will include rules that use that PAT pool object. However, the string is compared to the object contents as written and is not evaluated against the range: searching on 10.100.10.5 will not match this PAT pool object, even though the IP address is within the object’s IP address range.

    To remove the filter, click the x on the right side of the Filter box.

  • Multiple-Attribute Search—If a simple text search gives you too many hits, you can configure multiple values for the search. Click in the Filter box to open the list of attributes, then select or enter strings for the attributes you intend to search and click the Filter button. These attributes are the same as the ones you would configure within a NAT rule. The attributes are AND’ed, so filtered results include only those rules that match all attributes you configured.

    • For binary attributes, such as the rule state (enabled/disabled), whether a PAT pool is configured (enabled/disabled), the direction of the rule (uni/bi), or rule type (static/dynamic), simply check or uncheck the boxes as appropriate. Select both boxes if you do not care about the attribute value. If you deselect both boxes, no rules will match the filter.

    • For string attributes, type a full or partial string relevant to that attribute. These will be object names, either for security zones/interface groups, network objects, or port objects. It can also be the network or port object contents, which are matched the same way they are for simple text searches.

    To remove the filter, click the x on the right side of the Filter box, or click in the Filter box to open the drop-down list, and click the Clear button.
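
Because the text search described above does not evaluate ranges, a rule review for a specific address can miss rules whose objects cover that address. The following added example (not product code) compares a text match with a range-aware match; the rule data is constructed, and the text match is modeled as a substring comparison, an assumption based on the partial-match example above.

```python
import ipaddress

# Constructed sample data: rule number -> {attribute: object contents}.
# Values are hypothetical, modeled on the PAT pool example in the text.
RULES = {
    1: {"source": "192.168.1.0/24", "pat_pool": "10.100.10.3-10.100.10.100"},
    2: {"source": "10.100.10.5", "destination": "172.16.0.10"},
    3: {"source": "10.200.0.0/16", "pat_pool": "10.100.20.1-10.100.20.50"},
}


def text_match(value, needle):
    """Assumed model of the text filter: plain substring comparison."""
    return needle in value


def contains_ip(value, ip):
    """Range-aware check: is ip inside a host, CIDR, or start-end range?"""
    addr = ipaddress.ip_address(ip)
    if "-" in value:
        start, end = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        return start <= addr <= end
    return addr in ipaddress.ip_network(value, strict=False)


def find_rules(ip, matcher):
    """Return sorted rule numbers where any attribute satisfies matcher."""
    return sorted(
        num for num, attrs in RULES.items()
        if any(matcher(v, ip) for v in attrs.values())
    )


def missed_by_text_search(ip):
    """Rules that cover ip but that a text filter on ip would not show."""
    return sorted(set(find_rules(ip, contains_ip)) - set(find_rules(ip, text_match)))


if __name__ == "__main__":
    for ip in ("10.100.10.5", "10.100.10.3", "10.200.4.9"):
        print(ip, "text:", find_rules(ip, text_match),
              "range-aware:", find_rules(ip, contains_ip),
              "missed:", missed_by_text_search(ip))
```

When reviewing which rules can translate a given host, search on the range endpoints, a shared prefix, or the object name rather than on the host address alone.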