topic Re: List of network asddress translations in Next-Generation Firewall Discussions

List of network asddress translations

mccoyb — Wed, 31 Jul 2024 12:28:12 GMT

How do I get a detailed list of all NAT/PATs in the firewall. From what I can find nothing shows all the translatoins. I need to see an internal private IP translated to an external public IP, one for one.

Re: List of network asddress translations

Adrian_Jensen — Wed, 31 Jul 2024 16:49:05 GMT

You can go to the Policies->NAT, at the bottom click the "PDF/CSV" page and it will spit out a CSV of all the displayed NAT rules (filtered using the terms in the search box at the top if you entered values there). The CSV will contain columns for the source IP/Zone and translated source/destination type/IP/options. Note 1: The address (both source and destination) will be the value entered in the config... so that may be an IP address, or it may be the address object name, if an object name was used in the config. You may have to convert the value. Note 2: Pay attention to the translation option "bi-directional: yes" which means that that rule automatically creates a reciprocal rule with the source/translation values reversed.

Re: List of network asddress translations

TomYoung — Wed, 31 Jul 2024 17:34:52 GMT

Hi @mccoyb ,

If you run the "show session all" command you will see the the NATed IP addresses for all of your sessions.

67137512 ldap ACTIVE FLOW NS 192.168.55.218[62453]/trust-L3/17 (10.66.22.55[17114]) vsys1 10.66.22.243[389]/dmz-L3 (10.66.22.243[389])

This example was taken from this document -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsVCAS.

The top line is the source IP address.
The bottom line is the destination IP address.
The left IP address is the pre-NAT IP address.
The right IP is the post-NAT IP address.

In this example, 192.168.55.218 is NATed to 10.66.22.55. (It is a lab NGFW.) So, you can see all of the current NAT translations on the NGFW equivalent to the Cisco "show ip nat translations" or "show xlate".

You can use filters as explained in the document to show only the traffic you want.

Thanks,

Tom

PS You can also enable additional columns in the Monitor tab. Please see this post and scroll down to the pictures. https://live.paloaltonetworks.com/t5/general-topics/nat-sessions/td-p/50186

Re: List of network asddress translations

mccoyb — Wed, 31 Jul 2024 19:25:29 GMT

Thanks for the reponse. I saw this in my research but since all flows are included I guess I didn't see the tree for the forest. The site I am looking at has a lot of traffic and only about 20 NATs.

Re: List of network asddress translations

TomYoung — Wed, 31 Jul 2024 20:10:03 GMT

Hi @mccoyb ,

Good point. The filters are very useful. Check this one out:

user@ngfw(active)> show session all filter nat both Both source and destination NAT destination Destination NAT none No NAT source Source NAT

You can limit the sessions to only source NAT, destination NAT, or both. You could also add columns and filter in the GUI.

Thanks,

Tom

Re: List of network asddress translations

mccoyb — Wed, 31 Jul 2024 20:14:03 GMT

That helps greatly Tom. Thanks for the help