topic PA 2050 Port forwarding question in General Topics https://live.paloaltonetworks.com/t5/general-topics/pa-2050-port-forwarding-question/m-p/30732#M22500 <HTML><HEAD></HEAD><BODY><P>I'm new to the PA 2050.</P><P></P><P>I'm trying to determine the best way of forwarding multiple incoming services on multiple external addresses to multiple internal servers. My PA 2050 is set up in L3 configuration. I have NAT policy rules for all my external-&gt;internal address pairs.</P><P></P><P>My delimma: I have several internal SMTP/FTP/WEB servers behind my 2050, listening on several external addresses. It appears I can NAT each service as a separate NAT policy rule, OR, I can leave the 1 to 1 NAT rule and create a security policy for incoming traffic from "untrust" -&gt; "trust", "any" source address, and select the destination server and application/service to forward the traffic on to. Or can I? Is one more efficient and/or flexible than the other?</P><P></P><P>Thanks,</P><P><BR />David Scott</P></BODY></HTML> Wed, 18 Aug 2010 21:24:47 GMT david_scott 2010-08-18T21:24:47Z PA 2050 Port forwarding question https://live.paloaltonetworks.com/t5/general-topics/pa-2050-port-forwarding-question/m-p/30732#M22500 <HTML><HEAD></HEAD><BODY><P>I'm new to the PA 2050.</P><P></P><P>I'm trying to determine the best way of forwarding multiple incoming services on multiple external addresses to multiple internal servers. My PA 2050 is set up in L3 configuration. I have NAT policy rules for all my external-&gt;internal address pairs.</P><P></P><P>My delimma: I have several internal SMTP/FTP/WEB servers behind my 2050, listening on several external addresses. It appears I can NAT each service as a separate NAT policy rule, OR, I can leave the 1 to 1 NAT rule and create a security policy for incoming traffic from "untrust" -&gt; "trust", "any" source address, and select the destination server and application/service to forward the traffic on to. Or can I? Is one more efficient and/or flexible than the other?</P><P></P><P>Thanks,</P><P><BR />David Scott</P></BODY></HTML> Wed, 18 Aug 2010 21:24:47 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-2050-port-forwarding-question/m-p/30732#M22500 david_scott 2010-08-18T21:24:47Z Re: PA 2050 Port forwarding question https://live.paloaltonetworks.com/t5/general-topics/pa-2050-port-forwarding-question/m-p/30733#M22501 <HTML><HEAD></HEAD><BODY><P>Yes, both are viable solutions. It would be more efficient to have the single NAT rule and configure the app/service int the Security rule.</P></BODY></HTML> Wed, 25 Aug 2010 14:18:52 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-2050-port-forwarding-question/m-p/30733#M22501 ggutierrez 2010-08-25T14:18:52Z