Panorama NAT examples
From Notes_Wiki
NAT from public IP to private IP via panorama only for a specific destination
When packets arrive from a specific WAN IP (Src-pub-IP1), are destined for a specific WAN public IP (dst-pub-IP2), and need to be translated to a LAN IP (dst-priv-IP3) for a specific service port (service-port1), the following configuration is required in Panorama:
Policy NAT pre-rules
Under Policies -> NAT -> Pre-rules, create a rule as follows:
- Source zone: WAN
- Destination zone: WAN
- Destination interface: WAN interface (e.g. ethernet1/4)
- Source address: Src-pub-IP1
- Destination address: dst-pub-IP2
- Service: service-port1
- Source translation: none
- Destination translation: Address dst-priv-IP3
Policy Security Pre-rules
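Under Policies -> Security -> Pre Rules, create a rule as follows. The destination zone is the post-NAT zone (LAN) while the destination address stays the pre-NAT public address (dst-pub-IP2), because the firewall matches security policy on the original packet addresses and on the zone of the translated destination: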
- Source zone: WAN
- Source address: Src-pub-IP1
- Source user: any
- Source device: any
- Destination zone: LAN
- Destination address: dst-pub-IP2
- Destination device: any
- Application: any
- Service: any
- Action: allow
When viewed on the Palo Alto firewall itself, the above rule is shown under Policies -> Security with the same values as configured in Panorama for that firewall.
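The following Python model is an added example, not part of the original page or of any Palo Alto tooling. It shows why the security rule pairs the LAN zone with dst-pub-IP2, and how a rule written with the translated address or the pre-NAT zone fails to match. The IP addresses, port 443, the ZONE_ROUTES table and the function names are constructed assumptions standing in for the page's placeholders.

```python
import ipaddress

# Constructed sample values standing in for the page's placeholders.
SRC_PUB_IP1 = "198.51.100.10"
DST_PUB_IP2 = "203.0.113.20"
DST_PRIV_IP3 = "10.0.0.30"
SERVICE_PORT1 = 443

# Hypothetical routing view: the zone a destination address routes to.
ZONE_ROUTES = [("10.0.0.0/24", "LAN"), ("0.0.0.0/0", "WAN")]

# NAT pre-rule from the page (destination interface is not modelled).
NAT_RULE = {"from": "WAN", "to": "WAN", "src": SRC_PUB_IP1,
            "dst": DST_PUB_IP2, "port": SERVICE_PORT1, "dnat": DST_PRIV_IP3}

def zone_for(ip):
    """Longest-prefix match of ip against ZONE_ROUTES."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), z) for n, z in ZONE_ROUTES]
    hits = [nz for nz in nets if addr in nz[0]]
    return max(hits, key=lambda nz: nz[0].prefixlen)[1]

def evaluate(src_zone, src, dst, port, sec_rule):
    """Return (result, forwarded_dst) for one packet against one rule.

    NAT is matched on the original packet (pre-NAT zones and addresses).
    The security rule is matched on the original addresses, but with the
    destination zone recomputed from the translated address.
    "no-match" means the packet falls through to later rules.
    """
    n = NAT_RULE
    original = (src_zone, zone_for(dst), src, dst, port)
    wanted = (n["from"], n["to"], n["src"], n["dst"], n["port"])
    translated = n["dnat"] if original == wanted else dst
    post_nat_zone = zone_for(translated)
    match = (sec_rule["from"] == src_zone and sec_rule["to"] == post_nat_zone
             and sec_rule["src"] == src and sec_rule["dst"] == dst)
    return ("allow", translated) if match else ("no-match", None)

# Security pre-rule as configured on the page: zone LAN, address dst-pub-IP2.
PAGE_RULE = {"from": "WAN", "to": "LAN", "src": SRC_PUB_IP1, "dst": DST_PUB_IP2}
# Misconfiguration: translated private address used as the destination.
WRONG_ADDR = dict(PAGE_RULE, dst=DST_PRIV_IP3)
# Misconfiguration: pre-NAT destination zone used instead of LAN.
WRONG_ZONE = dict(PAGE_RULE, to="WAN")

if __name__ == "__main__":
    for name, rule in [("page", PAGE_RULE), ("wrong-addr", WRONG_ADDR), ("wrong-zone", WRONG_ZONE)]:
        print(name, evaluate("WAN", SRC_PUB_IP1, DST_PUB_IP2, SERVICE_PORT1, rule))
```

Because the page's security rule uses Service any, it is the NAT rule's service match that limits this rule to service-port1: on any other port no translation happens, the destination zone stays WAN, and the rule does not match.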