Can we add host name in security policy or nat policy

Specifying a pre-NAT or post-NAT address as the destination address in the interzone security policy when creating a NAT Server policy You must specify the post-NAT address as the destination address in the policy. The security policy matching takes place after address translation. Therefore, the destination for the security policies to match must be a private IP address.

Specify a private address (source address) in a security policy on an FW. The private address is the one that is used before source NAT is performed. The FW matches packets with a security policy before enforcing a NAT policy. If the packets match the security policy, the FW performs source NAT for the packets. If the packets do not match the security policy, the FW discards the packets.

After source NAT or destination NAT is configured, you can configure the security policy as follows: After source NAT is configured, configure the source IP address for packet filtering as the IP address before the NAT. After NAT Server, intrazone destination NAT, or SLB is configured, configure the destination IP address for packet filtering as the IP address after the NAT.

The source address specified in the security policy is the address before NAT when the source NAT policy is configured. When the firewall translates an address in a packet, it searches for the interzone security policy. The firewall translates only the address that passes the security policy check and matches the conditions defined in the interzone policy. Therefore, the source address specified in the interzone security policy is the address before NAT, that is, the private IP address.

On the interface [HUAWEI] interface GigabitEthernet x/x/x [HUAWEI-GigabitEthernetx/x/x] traffic-policy test inbound On the VLAN [HUAWEI]vlan 100 [HUAWEI-vlan100] traffic-policy test inbound On the globe or slot. in the system-view, we can configure "traffic-policy policy-name global [ slot slot-id ] inbound".