U Turn NAT Concept | Deailed Explanation | Palo Alto Firewall training
ฝัง
- เผยแพร่เมื่อ 25 มี.ค. 2023
- In this Palo Alto training, you will learn concept of NAT. We will understand the scenario of internet user accessing a public server. We will understand why do we need U turn NAT.
- วิทยาศาสตร์และเทคโนโลยี
U-Turn NAT is required if user from Trust zone accessing the webserver who's public IP is part of Public DNS and it resolves to Public IP , so traffic goes to outside/untrust zone from Trust zone for this we need one NAT rule from Trust to Untrust and Already existing NAT rule from Untrust to DMZ for Destination NAT will be used to get to Actual DMZ server.
That's right.....There is one more video for U Turn NAT in the playlist. Which explains more about it.
Hi There,
I still dont get it. If the user from trust zone access to DMZ zone then we need NAT. We can route the traffic by simply assigning policy right?
In what scenario organization hosting web servers on DMZ but registered publicly so that internal users access it via public IP?
Dont the internal users access it on private IP itself?
Thanks
Dont the internal users access it on private IP itself? Yes they can but we don't do that. In that case you set up communication from trust to DMZ for that server which is open for public as well. As you are internal user and IP address might be allowed for some other things as well. If any how something goes wrong hackers may misuse this privilege.
So whenever one user wants to access a DMZ server hosted for public, that user also get out take a public IP and then goes to access DMZ server.
I hope you understand a bit now ?
@@freshdeveloper thanks. I dont find Uturn NAT config video. Could you share me the link.
Why U Turn nat is required in which scenario
@maheshmestry Have a look on its second part below
th-cam.com/video/SN0Zp7Atp4Y/w-d-xo.htmlsi=zbbUKkvLTzFxlHJH
When DMZ server is having public IP in Public DNS then our ADs will also be in syn with public DNS and when we access from LAN or Trust zone dns name then it will resolve Public IP instead of real DMZ IP. So in this case we need U Turn NAT
This is lecture is not expalined in details , there is lot more to discuss in U -turn NAT
Yes, its one of the part is missing. Will be uploading soon.
Not satisfied
Sorry to hear that, do you have any concern or question?
hi there,
i hope u have some knowledge on unat but u dont know to explain properly there are so much of confusions.. better prepare one new video
Thanks for feedback Avinash
I also feel this is creating confusion, i recorded new one for it.
Check this out
th-cam.com/video/SN0Zp7Atp4Y/w-d-xo.html
Feel free to reach me if you still have questions 😊
Where is the lab part
I checked it, i missed to upload that
Will upload new one. Thanks for observation 😊