https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551128#M112272 <P>I am having to step in during a transition and I cannot seem to get my configuration right, and I am hoping someone can provide me examples of what rules (NAT and Security) that I might need to allow iDRAC access to a couple of servers that reside in our untrusted zone from a specific public ip.&nbsp; I have assigned the iDRAC controllers public ip's on the firewall, but I am unable to get them to show up via https.&nbsp; Any help or pointers would be greatly appreciated.</P> Wed, 26 Jul 2023 17:24:26 GMT SCS_BPotts 2023-07-26T17:24:26Z https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551128#M112272 <P>I am having to step in during a transition and I cannot seem to get my configuration right, and I am hoping someone can provide me examples of what rules (NAT and Security) that I might need to allow iDRAC access to a couple of servers that reside in our untrusted zone from a specific public ip.&nbsp; I have assigned the iDRAC controllers public ip's on the firewall, but I am unable to get them to show up via https.&nbsp; Any help or pointers would be greatly appreciated.</P> Wed, 26 Jul 2023 17:24:26 GMT https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551128#M112272 SCS_BPotts 2023-07-26T17:24:26Z https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551835#M112335 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/305860">@SCS_BPotts</a>&nbsp;,</P> <P>&nbsp;</P> <P>If you would like external iDRAC access you will need to create a DNAT policy and Security Policy.&nbsp;</P> <P>&nbsp;</P> <P><SPAN>The DNAT rule will translate the incoming public IP to the internal IP of the respective server. This will allow external access to the servers via their iDRAC IPs.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>DNAT Rule</SPAN></P> <P><SPAN>Src Zone: Untrust</SPAN></P> <P><SPAN>Dst Zone: Untrust</SPAN></P> <P><SPAN>Src Address: Enter the specific public IP</SPAN></P> <P><SPAN>Dst Address: Public i</SPAN><SPAN>DRAC IP&nbsp;</SPAN></P> <P><SPAN>Service: Specify which port</SPAN></P> <P><SPAN>Src Translation: dynamic ip and port, specify the internal address/interface</SPAN></P> <P><SPAN>Dst Translation: Specify the internal IP&nbsp;</SPAN></P> <P>&nbsp;</P> <P>Then create your security policy to allow the public IP to the internal IP.&nbsp;</P> <P>&nbsp;</P> <P>Src Zone: Untrust</P> <P>Src Address; Public IP</P> <P>Dst Zone: Zone where the server is in&nbsp;</P> <P>Dst Address: Internal IP&nbsp;</P> <P>Service: Port if you would like</P> <P>Application: Application you would like</P> <P>&nbsp;</P> <P><SPAN>Hope this helps or gets you in the right direction.</SPAN></P> <P>&nbsp;</P> Mon, 31 Jul 2023 17:37:45 GMT https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551835#M112335 JayGolf 2023-07-31T17:37:45Z https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551894#M112344 <P>Thank you.&nbsp; I was able to figure it out, and set it up late last week, and was able to get it to show a bad request page initially. Then I was able to determine that the bad request page was due to the firmware on the iDRAC coupled with the iDRAC web server not liking the headers when the packets went from internal to external and vice versa via static ips.&nbsp; Updating the firmware and setting a dns entry for the outside address in the iDRAC webserver fixed that and now it is working like it should.</P> Mon, 31 Jul 2023 23:05:08 GMT https://live.paloaltonetworks.com/t5/general-topics/dell-idrac-configuration-assistance/m-p/551894#M112344 SCS_BPotts 2023-07-31T23:05:08Z