U Turn NAT | Why and how do we configure it | Palo Alto firewall
- Published on 26 Sep 2024
- In this Palo Alto training session, you will learn what U Turn NAT is and why we configure it. At the end, we will set up a lab on EVE-NG and see how its configuration works on a Palo Alto firewall.
For all training videos in this series, please go to the links below.
Hi Sir, is it necessary to have DMZ and internal zone in same subnet?
Man You Explain well
Thank you, I am improving
Also on the same Source NAT you applied destination NAT which is not required because we already have a D-NAT from Untrust to Untrust to NAT from 50.50.50.100 to 10.1.1.100 which takes care of traffic from Untrust to DMZ.
That's right, I just demonstrated that we can do both on the same policy.
For the destination NAT rules you have set up, shouldn't the destination zone in the security policy be DMZ instead of Untrust?
It's for outside traffic....
Hello Sir, it seems the security policy for the inbound ACL is wrong. As per my understanding, the destination zone and IP should be pre-NAT BUT POST ZONE.
Please correct me if I'm wrong.
Can you be a little specific about which time in the video you are referring to?
May explain better....
No NAT or Security policy required from Untrust DMZ? As the server is in DMZ zone, right!! Please clarify.
It will be required to allow traffic from Untrust to DMZ.
@freshdeveloper Thanks for the response, but in the video you created only from trust to untrust. And it started working.
The first security policy cannot be untrust to untrust because, as per packet flow, NAT happens first, so the zone gets changed, so it should be Untrust to Trust, but the IP remains the pre-NAT IP.
I don't think NAT happens first. It looks up the NAT to see if it's required or not. But actually the security policy is checked first and then NAT takes place.
Could you let me know from where did you create the IP address 50.50.50.100 in PA and assign it as public IP for webserver?
Keep it up mate, let me know if you need any help