topic NAT mapping public to private IP in General Topics https://live.paloaltonetworks.com/t5/general-topics/nat-mapping-public-to-private-ip/m-p/583908#M116676 <P>Hello all,</P> <P>&nbsp;</P> <P>I have been updating our NAT policies within our PA-3220 to specify traffic translation mapping from our public addresses to private addresses. After committing the changes the traffic has only been routing to the catch all NAT rule at the bottom of our NAT policies. I am concerned that I did not configure everything correctly after following Palo's guide and would like any suggestions to correct the traffic.</P> <P>&nbsp;</P> <P>The current NAT configurations look like this (image attached below):</P> <P>&nbsp;</P> <P>Name: Squid Proxy | Source: Untrusted | Destination : Trusted | Destination Interface: e1/19 | Source Address: Any | Destination: (Public IP) | Service: Any | Source Translation: dynamic-ip-and-port, e1/19 | Destination Translation: 10.20.1.249</P> <P>&nbsp;</P> <P>Any help would be appreciated. Thank you!</P> <P>&nbsp;</P> Tue, 16 Apr 2024 15:16:20 GMT BenjaminRaimondi 2024-04-16T15:16:20Z NAT mapping public to private IP https://live.paloaltonetworks.com/t5/general-topics/nat-mapping-public-to-private-ip/m-p/583908#M116676 <P>Hello all,</P> <P>&nbsp;</P> <P>I have been updating our NAT policies within our PA-3220 to specify traffic translation mapping from our public addresses to private addresses. After committing the changes the traffic has only been routing to the catch all NAT rule at the bottom of our NAT policies. I am concerned that I did not configure everything correctly after following Palo's guide and would like any suggestions to correct the traffic.</P> <P>&nbsp;</P> <P>The current NAT configurations look like this (image attached below):</P> <P>&nbsp;</P> <P>Name: Squid Proxy | Source: Untrusted | Destination : Trusted | Destination Interface: e1/19 | Source Address: Any | Destination: (Public IP) | Service: Any | Source Translation: dynamic-ip-and-port, e1/19 | Destination Translation: 10.20.1.249</P> <P>&nbsp;</P> <P>Any help would be appreciated. Thank you!</P> <P>&nbsp;</P> Tue, 16 Apr 2024 15:16:20 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-mapping-public-to-private-ip/m-p/583908#M116676 BenjaminRaimondi 2024-04-16T15:16:20Z Re: NAT mapping public to private IP https://live.paloaltonetworks.com/t5/general-topics/nat-mapping-public-to-private-ip/m-p/583913#M116678 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/793632343">@BenjaminRaimondi</a>&nbsp;,</P> <P>&nbsp;</P> <P>Please change your destination zone to untrusted as well. In your security policy, the destination zone will be the true source zone. Here is a very helpful article written by&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;on NATs. <A href="https://live.paloaltonetworks.com/t5/community-blogs/i-m-gonna-make-him-a-nat-rule-he-can-t-refuse/ba-p/148940" target="_blank">https://live.paloaltonetworks.com/t5/community-blogs/i-m-gonna-make-him-a-nat-rule-he-can-t-refuse/ba-p/148940</A></P> Tue, 16 Apr 2024 16:24:38 GMT https://live.paloaltonetworks.com/t5/general-topics/nat-mapping-public-to-private-ip/m-p/583913#M116678 JayGolf 2024-04-16T16:24:38Z