Destination NAT with Port Range

L0 Member

Hi!

We are trying to configure a Destination NAT rule for a VC device on a Palo Alto 820 NGFW. We need to allow a range of TCP ports (e.g. 3000-3050), but we could not find the option to configure the port range under the translated tab. Please find the requirement below for your reference.

Original Packet: Src.IP: Any, Dst.IP: 1.1.1.1, Dst Port Range: 3000-3050

Translated Packet: Src.IP: original, Dst.IP: 192.168.10.1, Dst Port Range: 3000-3050

Please let me know if anybody has gone through this scenario and has the solution.

L2 Linker

Re: Destination NAT with Port Range

Unless you are trying to change the port as part of the translation, you can define the port range as a services object, and then refer to it on the "Original Packet" page of the NAT rule, where you would identify the destination zone and interface. Then your NAT rule will only apply to traffic going to that destination NAT address when it is bound for those ports.

Learn at least one new thing every day.
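
The approach in the reply above, written out as PAN-OS configure-mode commands; this is an added example, not part of the original thread. It also includes the security rule that destination NAT traffic needs, which matches the pre-NAT address and the post-NAT zone. The zone names, object name and rule names are assumptions, and the lines starting with `#` are annotations, not commands.

```text
# Assumed names (not from the thread): zones "untrust" and "dmz",
# service object "svc-tcp-3000-3050", rules "vc-dnat" and "allow-vc-inbound".

# Service object for the port range from the question
set service svc-tcp-3000-3050 protocol tcp port 3000-3050

# NAT rule: the range is matched on the Original Packet side; no translated-port
# is set, so the destination port is left unchanged (3000-3050 -> 3000-3050)
set rulebase nat rules vc-dnat from untrust to untrust source any destination 1.1.1.1 service svc-tcp-3000-3050 destination-translation translated-address 192.168.10.1

# Security rule: pre-NAT destination address, post-NAT destination zone,
# same service object so only the intended ports are exposed
set rulebase security rules allow-vc-inbound from untrust to dmz source any destination 1.1.1.1 application any service svc-tcp-3000-3050 action allow
```

Using the same service object in both rules keeps the NAT match and the permitted ports in step if the range changes later.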