https://live.paloaltonetworks.com/t5/general-topics/problem-with-nat-rules/m-p/42832#M31437 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Task is simple, give access to 3 IP from Internet to camera on non-standart ports. Ports and&nbsp; local IP are:</P><P></P><P> 192.168.220.251:554 -&gt; x.x.x.x:554</P><P> 192.168.220.251:80 -&gt; x.x.x.x:8881</P><P> 192.168.220.251:8554-8557 -&gt; x.x.x.x:8554-8557</P><P>where x.x.x.x is one of IP belongings for my PA and is used for NAT from this zone to untrust.</P><P></P><P>I created security rules:</P><P><IMG alt="2014-05-20_174032.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13574_2014-05-20_174032.png" style="width: 620px; height: 33px;" /></P><P>and NAT rules:</P><P><IMG alt="2014-05-20_174055.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13575_2014-05-20_174055.png" style="width: 620px; height: 67px;" /></P><P>but it doesn't working. For first step I'd like to test port 80 redirection.</P><P></P><P>So I try to change something. When I remove 8881tcp from security number 14 I'm able to open web page of IP camera using x.x.x.x:80.</P><P></P><P></P><P>Please tell me where is my mistake?</P><P></P><P>With regards</P><P>SLawek</P></BODY></HTML> Tue, 20 May 2014 19:05:33 GMT _slv_ 2014-05-20T19:05:33Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-nat-rules/m-p/42832#M31437 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Task is simple, give access to 3 IP from Internet to camera on non-standart ports. Ports and&nbsp; local IP are:</P><P></P><P> 192.168.220.251:554 -&gt; x.x.x.x:554</P><P> 192.168.220.251:80 -&gt; x.x.x.x:8881</P><P> 192.168.220.251:8554-8557 -&gt; x.x.x.x:8554-8557</P><P>where x.x.x.x is one of IP belongings for my PA and is used for NAT from this zone to untrust.</P><P></P><P>I created security rules:</P><P><IMG alt="2014-05-20_174032.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13574_2014-05-20_174032.png" style="width: 620px; height: 33px;" /></P><P>and NAT rules:</P><P><IMG alt="2014-05-20_174055.png" class="jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13575_2014-05-20_174055.png" style="width: 620px; height: 67px;" /></P><P>but it doesn't working. For first step I'd like to test port 80 redirection.</P><P></P><P>So I try to change something. When I remove 8881tcp from security number 14 I'm able to open web page of IP camera using x.x.x.x:80.</P><P></P><P></P><P>Please tell me where is my mistake?</P><P></P><P>With regards</P><P>SLawek</P></BODY></HTML> Tue, 20 May 2014 19:05:33 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-nat-rules/m-p/42832#M31437 _slv_ 2014-05-20T19:05:33Z https://live.paloaltonetworks.com/t5/general-topics/problem-with-nat-rules/m-p/42833#M31438 <HTML><HEAD></HEAD><BODY><P>When creating a Inbound NAT make sure that you source address is the address of where the traffic is coming from. In this case of the camera.</P><P>Your destination address is the public interface IP on the palo alto firewall.</P><P>Since you have them hidden and not described in the above question not sure if that is what you are doing. Please confirm that.</P><P></P><P>Following document from page 15 explains different destination NAT scenarios.</P><P><A href="https://live.paloaltonetworks.com/docs/DOC-1517">Understanding PAN-OS NAT</A></P><P></P><P>Please let us know if this helps.</P><P><BR />Thank you</P><P>Numan </P></BODY></HTML> Tue, 20 May 2014 19:31:25 GMT https://live.paloaltonetworks.com/t5/general-topics/problem-with-nat-rules/m-p/42833#M31438 mbutt 2014-05-20T19:31:25Z