Azure Nat Configuration

L1 Bithead

Azure Nat Configuration

With the NAT VM no longer being required, and since you can assign a public address to NIC1, I have a question on the NAT process concerning only connectivity from resources to the internet. Do you need to configure a source NAT policy, or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure environment will do the translation? It is my understanding you only assign the public IP address to the VM NIC and do not assign this to an interface within the Palo Alto configuration?

Thanks,

Steve

L2 Linker

Re: Azure Nat Configuration

Steve,

For outbound, just add a static route that forwards traffic as you suggest. I *think* you can just forward it to eth1/1 (and not mention the IP address of the subnet) of the fw -- assuming eth1/1 is what NIC1 is connected to.

The NIC in Azure has the public IP and the firewall doesn't even see it. It only sees the private address.

L1 Bithead

Re: Azure Nat Configuration

I was not able to get this to work without putting a source NAT policy in, and after I put that in, internet access is available.

nat-type ipv4;
from trust;
source any;
to INTERNET;
to-interface ethernet1/1 ;
destination any;
service any/any/any;
translate-to "src: ethernet1/1 x.x.x.x (dynamic-ip-and-port) (pool idx: 1)";
