This discussion has been locked.

Business rule vs network rule

I think I understand the fundamental difference between the two types of rule; I just wanted to make sure I am not missing something obvious.

I have a number of servers in a DMZ that are accessible from the internet, so I have set up business rules using DNAT for those.

Some of those DMZ servers need to make connections to certain LAN servers, but there is no NAT involved, i.e. it is just between the real IPs of the DMZ servers and the LAN servers. The business rule template assumes DNAT, so do I just use the same IP for both the destination host and the protected server, or should I be using a user/network rule for this?

Thanks



  • Hi

    Business rules are mainly used for DNAT configuration, and for internal communication you are required to configure a Network rule between zones.

    A User/Network Rule is used to define access rights and protection for the network objects/hosts. In a nutshell, if you want to control traffic by source, service, destination, or zone, then use a Network Rule. Additionally, the administrator has the option to attach user identity to a rule in order to customize access to assorted hosts/servers. Such an identity-based rule is considered a User Rule.

    A Business Application Rule is used to protect internally or publicly hosted business applications or servers like Salesforce, SharePoint, etc.
    Using a Business Application Rule, the administrator can configure protection of HTTP and non-HTTP web servers from unauthorized access over the Internet. You can also control access to protected servers or services through a Business Application Rule.