https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/138472#M47966 <P>Hi All,</P><P>&nbsp;</P><P>Thanks a lot for all the explanations.</P><P>&nbsp;</P> Fri, 20 Jan 2017 02:32:09 GMT harshaabba 2017-01-20T02:32:09Z https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/137520#M47811 <P>Hi All,</P><P>&nbsp;</P><P>In enterprise network, what are the usage scenarios for Destination NAT and Source NAT with Bi-directional option enable ?</P><P>&nbsp;</P><P>Cheers</P><P>Harsha</P> Sun, 15 Jan 2017 02:06:46 GMT https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/137520#M47811 harshaabba 2017-01-15T02:06:46Z https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/137543#M47812 <P>Hi,</P><P>&nbsp;</P><P>Very good explanation here:</P><P>&nbsp;</P><P><A href="https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/networking/nat-configuration-examples" target="_blank">https://www.paloaltonetworks.com/documentation/70/pan-os/pan-os/networking/nat-configuration-examples</A></P><P>&nbsp;</P><P><A href="https://www.youtube.com/watch?v=aVXzzZEgIA4" target="_blank">https://www.youtube.com/watch?v=aVXzzZEgIA4</A></P><P>&nbsp;</P><P>Doesn't&nbsp;matter enterprise or home network NAT still the same:</P><P>&nbsp;</P><P>Source&nbsp;NAT translates&nbsp;your source&nbsp;IP to a different one</P><P>Destination NAT translate your destination IP (one use of for&nbsp;enabling access to your internal servers from Internet)</P><P>Bi-directional really same as above, means by ticking the&nbsp;box you will create implicit Destination NAT policy. GUI will only show you that it is bidirectional&nbsp;but CLI will display the same rule&nbsp;as two separate (Source and Destination):</P><P>&nbsp;</P><P><SPAN>&gt; show running nat-policy</SPAN></P><P>&nbsp;</P><P>Thx,</P><P>Myky&nbsp;</P> Sun, 15 Jan 2017 07:55:25 GMT https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/137543#M47812 TranceforLife 2017-01-15T07:55:25Z https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/137599#M47819 <P>Here's a video where I explain several scenarios : <A title="Tutorial: Network Address Translation " href="https://www.youtube.com/watch?v=zLqsSuOVzzU" target="_blank">Tutorial: Network Address Translation </A></P> <P>&nbsp;</P> <P>There is only one configuration method allowed where the bi-directional option is supported, and that is for source nat (bi-directional cannot be enabled when destination NAT is configured because the bi-directional option needs to be able to set the destination option in the implied reverse policy</P> <P>&nbsp;</P> <P>if for example the configured rule is like this:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="bidirectional nat.png"><img src="https://live.paloaltonetworks.com/skins/images/2F2A72B3BE70ACC5EBC3E1D7685F5297/responsive_peak/images/image_not_found.png" alt="bidirectional nat.png" /></span></P> <P>the bi-directional option will create an implied rule that sets destination translation for IP 2.2.2.2 if the original packet is headed toward 10.0.0.1 coming from the remote zone</P> <P>&nbsp;</P> <P>hope this helps</P> <P>Tom</P> <P>&nbsp;</P> Mon, 16 Jan 2017 08:50:51 GMT https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/137599#M47819 reaper 2017-01-16T08:50:51Z https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/138472#M47966 <P>Hi All,</P><P>&nbsp;</P><P>Thanks a lot for all the explanations.</P><P>&nbsp;</P> Fri, 20 Jan 2017 02:32:09 GMT https://live.paloaltonetworks.com/t5/general-topics/destination-nat-vs-source-nat-with-bi-directional-option/m-p/138472#M47966 harshaabba 2017-01-20T02:32:09Z