I am looking to do what I would call port address translation, but am unfamiliar with how to do it on the PA. Basically I need a public IP to route SNMP traffic to one inside address, and syslog traffic to another inside address. This will also only apply to a single host from the outside. Can someone give me high-level steps for what I need to configure?
This doc will come in handy: Understanding PAN-OS NAT
In short, you'd need two NAT rules, both from untrust to untrust with the same destination (public) IP but each with its own destination port and unique destination NAT IP address (see page 21 of the above document).
Hope this helps.
You can configure the following NAT statements for the same public IP:
Untrust to Untrust from any source address to your public ip_1 on 25 then translate to private ip_1 to 25
Untrust to Untrust from any source address to your public ip_1 on 443 then translate to private ip_2 to 4443
Untrust to Untrust from any source address to your public ip_1 on 80 then translate to private ip_3 to 8080
Hope this helps. Thank you.
You can also create a bidirectional NAT rule which looks like this:
The source address is the private IP of the server and the translated IP is the public-facing IP. This basically splits the NAT rule internally into two: one for outbound and another for inbound. You can refer to the above document given by tpiens to understand this better.
Refer to the following document; that should be enough.
220.127.116.11 - Host on the Internet for which you need NAT to be applicable
18.104.22.168 - Is the Public IP on Untrust
22.214.171.124 - Is the SMTP server on DMZ
SMTP service has TCP port 25 >> Which you need to create
You can repeat the same for other services.
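Added example, not part of any reply above and not taken from the referenced document: the two destination NAT rules the thread describes, written as PAN-OS set-format CLI for the original question (SNMP and syslog from one outside host). All addresses, object names and rule names are constructed placeholders, and the ports (UDP 161 for SNMP, UDP 514 for syslog) are assumptions; use UDP 162 if the traffic is SNMP traps.

```text
# Lines beginning with "#" are annotations for the reader, not CLI input.
# Constructed values (assumptions, not from the thread):
#   198.51.100.10  the single outside host these rules apply to
#   203.0.113.5    public IP on the untrust interface
#   10.1.1.10      inside SNMP server
#   10.1.1.20      inside syslog server

# One service object per destination port that gets its own translation.
set service svc-snmp-udp161 protocol udp port 161
set service svc-syslog-udp514 protocol udp port 514

# Rule 1: SNMP sent to the public IP is translated to the first inside server.
set rulebase nat rules dnat-snmp from untrust
set rulebase nat rules dnat-snmp to untrust
set rulebase nat rules dnat-snmp source 198.51.100.10
set rulebase nat rules dnat-snmp destination 203.0.113.5
set rulebase nat rules dnat-snmp service svc-snmp-udp161
set rulebase nat rules dnat-snmp destination-translation translated-address 10.1.1.10
set rulebase nat rules dnat-snmp destination-translation translated-port 161

# Rule 2: syslog sent to the same public IP is translated to the second server.
set rulebase nat rules dnat-syslog from untrust
set rulebase nat rules dnat-syslog to untrust
set rulebase nat rules dnat-syslog source 198.51.100.10
set rulebase nat rules dnat-syslog destination 203.0.113.5
set rulebase nat rules dnat-syslog service svc-syslog-udp514
set rulebase nat rules dnat-syslog destination-translation translated-address 10.1.1.20
set rulebase nat rules dnat-syslog destination-translation translated-port 514
```

Setting `source` to the one outside host, rather than `any`, keeps every other Internet address from matching either translation. The security policy that permits this traffic is separate from the NAT rules and matches on the pre-NAT destination address (the public IP) with the post-NAT destination zone.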