#PaloAltoTraining
ฝัง
- เผยแพร่เมื่อ 26 ก.ย. 2024
- Hi Friends,
Please checkout my new detailed video on Configuration of U-turn NAT policy in detailed with LAB. If you like this video give it a thumps up and subscribe my channel for more video. Have any question put it on comment section.
Palo alto Playlist
• #PaloAltofirewallTrain...
Facebook group URL
/ 197882327937667
Please find the link below for downloading images of network devices and EVE-ng file
drive.google.c...
Recommend below System configuration to run EVE-NG lab smoothly
Please Buy with our Affiliate Link (India and US)
(India)
Intel® Core™ i7-9700K Processor amzn.to/2TtGpul
ASUS ROG Strix Z390-F Gaming Motherboard LGA1151 amzn.to/3jxSSrr
Corsair Vengeance LPX 32GB (2x16GB) 3200MHz amzn.to/3mmQLIP
Gigabyte AORUS GeForce RTX 2080 amzn.to/34vtkqx
OR
ZOTAC Gaming GeForce RTX 2060 amzn.to/3jxBdzY
LG 27GL83A-B 27 Inch Ultragear QHD IPS amzn.to/31Hke8g
Corsair RMX Series, RM750x amzn.to/2TokxAq
(US)
Intel Core i7-9700K Desktop Processor amzn.to/3dZFT0s
ASUS ROG Strix Z390-F Gaming Motherboard LGA1151 amzn.to/2J16Lli
Corsair Vengeance LPX 32GB (2x16GB) 3200MHz amzn.to/2ToAd6T
Gigabyte AORUS GeForce RTX 2080 amzn.to/3dVrBOw
OR
ZOTAC Gaming GeForce RTX 2060 amzn.to/3oqOyxP
LG 27GL83A-B 27 Inch Ultragear QHD IPS amzn.to/37J73Yw
Corsair RMX Series, RM750x amzn.to/37Mf7rk
Instagram : www.instagram....
Twitter : / bikashshaw82
E-mail ID : bikashshaw261@gmail.com
#Paloaltotraining #Paloaltofirewall #bikashtech
Way of teaching is very good, thank you for nice content
Very informative, simple and crispy. thank you😀
Thank you for the detailed explanation. Very useful for my scenario. I have a website that can be reached by internal users on wifi trust network through internal DNS. External users can reach the website through destination NAT, but internal users on our guest wifi cannot reach the website externally, because it gets assigned external DNS and the firewall doesn't know how to handle the traffic, so it gets dropped. I will be configuring U-turn NAT for guest wifi, so untrusted devices don't query our internal DNS and reach via U-turn policy.
Hi Bikash, your videos very informative. Just a small request if you can share these eve-ng labs also we can export and work on the same topology.
Can you please upload videos for troubleshooting App-ID, content ID, routing and other topics with real world scenarios?
Also, waiting for your video on VPN with same subnets.
Thanks
Very well explained
very informative
good job
Hlo in interview asked me that if you do not get any traffic logs so how you troubleshoot that what could be the reasons we are not getting any traffic logs
Please reply on this request
Bikash,
if possible share config of both rouetrs also will be very helpful in doing the lab
why eth1/3 should not be DMZ zone in NAT configuration ?
Can just share the DNS Router configuration it will be really helpful
kinldy do DNS sinkholing Video
Greetings from Sadat,
Sorry for wondering you Bikash's Tech, If you don't mind please make a complete video on EVE-NG installation and set up all the prerequisites for the Palo Alto Lab.
Study2Master
Thanks for comment.
Hi study2Master,
I have already uploaded video on eve-ng Palo Alto lab. if in case it is not informative. please let me know, the points which you did not understand. I will cover in next video.
Uploaded video link
th-cam.com/video/gopBM4aH4FQ/w-d-xo.html
@@BikashsTechWhen I'm installing the EVE-NG I do not know where is the problem my VM is not starting asking about Licence and so,
If you please make a video from scratch I will appreciate your hard work.
Thanks
Sir, can you start vpn on palo alto firewall. I never understood how make a tunnel in palo alto as well as asa. ASA i have to study amy thing ... Bt palo alto i already have basic knowledge to understand
Hi Bikash, thank you so much for giving us so beautiful concept of palo alto... I really appreciate it.. I have a qstn, wot will be the dns and natting resolution if the webserver have public IP taken from an IP pool, I mean if the public dns has mapping with sever domain with the same public ip which is assigned to the web server.. please answer keeping internal dns is not in the private network...
Hi, could you please do video for palo alto d nat from outside to inside please..
Hi Bikash Sir , great video but i have a stupid doubt
in the video you said the src traffic 10.1.1.1. goes to the server on its public IP 20.1.1.50 which will be NAted to server Private IP - 192.168.1.1
But my doubt is , wont the source IP also be NATTEd to the Fw public Interface to reach th public IP - 20.1.1.50 and hence the retrun traffic will be towards the FW public Interface (which was the NATTed IP for 10.1.1.1 - or any othe NAT that is used for private inside Ips to go to internet)
Thanks for these videos , they are really helpful to us
thanks for your question, now think when the traffic reach to server, what would be source and destination and when server reply again think about source and destination, how it travel back to source. let me know if you understood.
@@BikashsTech Hi Bikash , Firstly thanks for the video and yes Pratik is right here as src traffic will also get natted to public ip as per source natting .
Is it similar to the concept of TWICE NAT or DOCTORING in CISCO ASA ?
I have mentioned in the video asa dns doctoring and twice nat
This is only for source NAT not for DNAT. Correct me if wrong.
Hi Sir, is it U Turn an exceptional case ? means , if we have internal DNS Server configured , then internal users can directly connect with internal server without need of public ip?
Yeah
Can i configure U-trun NAT with two public ip addresses ?
Hi Bikash, does unat applies to traffic coming from outside to dmz or it’s just dnat applies here? I have understood from inside to dmz for external dns server but bit confused for outside to dmz.
for this u turn nat you mean source is pc dest is webserver outside ip (so pc without natting going out with its lan ip?) then hitting wan ip of server then going to 192.168.1.1 source ip lan can go out without nat? and return is directly going from dmz to in ? where is unnat happening first , bro is there any other video of you on this?
I have a doubt, why we need NAT for internal traffic from inside to DMZ. The source nat mapping happens from private to private which can be achieed simply by creating policy?
how is the packet flow? pc going out to DNS then coming back to GlobalIP which is forwarding to DMZ?
Hi Abdul,
Thanks for comment.
Yeah, without DNS how PC will reach webserver, once the dns resolution happens, PC will try to access the webserver then NAT will perform which is know as u-trun NAT.
Sir can you please mention here what ip is 192.x.x.1 and 192.x.x.10....juta need to know which interface and server ip is this....I think there will be one ip that is 192.168.1.1 that's the internal dmz server..so what is 1.10 coming frm please clear me
Hi Minosh,
Thanks for comment,
i think, you have still not understand. We are doing twice nat (Source and destination both are getting NATTED) so, 192.168.1.10 is gateway of server (palo alto interface IP of DMZ) and 192.168.1.1 is PC IP.
@@BikashsTech thank you sir....🙏
Itna confuse kr dya ki kya btau
Thanks for comment.
Hahahaha..
U-trun is easy to configure, if understand concept and to understand the concept, you need to know how DNS works.
@@BikashsTech no you are doing a great job i went through so many videos of yours but i felt this one is bit messy and mixed up...