The destination address is the address of the server where the clients finally connect to.

To modify the destination address of a connection

  1. Navigate to the Connections tab storing the connection and click to display the details of the connection.

    Figure 173: <Protocol name> Control > Connections — Configuring connections

  2. The Target section allows you to configure Network Address Translation (NAT) on the server side of One Identity Safeguard for Privileged Sessions (SPS). Destination NAT determines the target IP address of the server-side connection. Set the destination address as required. The following options are available:

    NOTE: It is not possible to direct the traffic to the IP addresses belonging to SPS.

    • Use the original target address of the client: Connect to the IP address targeted by the client. This is the default behavior in transparent mode. This option is not available in non-transparent mode. For HTTP connections, you can use the Use the original target address of the client option only when the Act as HTTP proxy option is disabled.

    • NAT destination address: Perform a network address translation on the target address. Enter the target address in IP address/Prefix format.

      Alternatively, you can enter a hostname instead. SPS automatically resolves the hostname to an IP address.

      NOTE: Note the following limitations:

      • To resolve the hostnames, SPS uses the Domain Name Servers set in the Basic Settings > Network > Naming > Primary DNS server and Secondary DNS server fields.

      • If the Domain Name Server returns multiple IP addresses, SPS randomly selects from the list.

    • Use fixed address: Enter the IP address and port number of the server. The connection will connect always to this address, redirecting the clients to the server.

      Alternatively, you can enter a hostname instead. SPS automatically resolves the hostname to an IP address.

      NOTE: Note the following limitations:

      • To resolve the hostnames, SPS uses the Domain Name Servers set in the Basic Settings > Network > Naming > Primary DNS server and Secondary DNS server fields.

      • If the Domain Name Server returns multiple IP addresses, SPS randomly selects from the list.

    • Inband destination selection: Extract the address of the server from the username. Note that for HTTP connections, you can use the Inband destination selection option only when the Act as HTTP proxy option is enabled. For details, see Configuring inband destination selection.

  3. Optional Step: to enable a custom DNS server to be used for target selection in server-side Channel Policies, select Enable Custom Target DNS server, then enter the IP address of the custom DNS server to look up target addresses and resolve FQDN or wildcard FQDN addresses in the Target fields of your Channel Policies.

  4. Click .