USG: NAT rules w/ Service Group objects
I just wanted to post that I am NOT HAPPY that the USG series apparently doesn't allow you to use Service Group objects when creating NAT rules! SCREAM!!
Any idea WHY this would be the case? I mean, could there be a valid reason? Seems silly if you ask me.
Idea only: Perhaps doing so would require modifying IPTables, potentially introducing a chink in its armor.
AnavSarcastic Llama? Naw, Just AcerbicPremium
|reply to Gork |
Welcome to the club Gork. At least in FW rules they can be combined, concur its tedious not to be able to group objects for NAT rules, especially when I cannot find a protocol that covers rules for both TDP and UDP. Means more rules than necessary need to be made up. Not sure if they are afraid of inadvertent overlap??
Yeah, I dunno - but I concur that having a TCP/UDP entry would be nice as well.
As far as you say, @Kirby, couldn't the information be taken care of in the CLI the same as it is now when you enter the info separately in the GUI?
Gork: I interpret your question to be why not accept a service group object in the GUI, or even via the CLI, and auto generate a CL script that is more verbose. I don't know any reason other than added coding effort or possible consumer confusion when the result is somewhat different than the input.
Yeah, you understood my meaning. It just seems odd to me I guess.