This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Configure a static 1-to-1 destination NAT policy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Configure a static 1-to-1 destination NAT policy

lzabler
L1 Bithead

‎02-10-2017 07:11 PM

Hello Live Community, 

 

I am a new comer to the firewall game and I am wondering how would I go about setting up static 1-to-1 destination NAT policy on my PA-500 Firewall. I just recently set up the firewall using the documentation below and everything seems to be running great but my Xbox One device Nat is set to strict. I was wondering if someone could help me understand or show me a good example on how I could change that to open? I have read some great articles but still not fully understanding. Any help would be greatly appreciated!

 

Initial Firewall Setup:

https://live.paloaltonetworks.com/t5/Configuration-Articles/Setting-Up-the-PA-200-for-Home-and-Small...

 

Articles read on NAT:

https://live.paloaltonetworks.com/t5/Management-Articles/Palo-Alto-Networks-Firewalls-gaming-console...

 

https://live.paloaltonetworks.com/t5/Tech-Note-Articles/Understanding-PAN-OS-NAT/ta-p/60965

 

Thank you! 

Luke 

 

 

0 Likes Likes
3 REPLIES 3

TranceforLife
L6 Presenter

‎02-11-2017 02:24 AM - edited ‎02-11-2017 02:24 AM

Hi Luke,

 

Below the answer:

 

https://live.paloaltonetworks.com/t5/General-Topics/Natting-issue-with-new-subnet/m-p/141806#U141806

 

 

lzabler
L1 Bithead
In response to TranceforLife

‎02-11-2017 07:42 AM

 

TranceforLife,

 

Thank you for the information I think I am slowly getting it. Just a few questions. 

 

In the link that you sent me I see that in the diagram in Pre-Nat they have the "destination address" set up as 195.51.100.22 however I do not see that IP address in the overall diagram so I assume that address is where he wants to connect to correct?

 

If so I assume I need to find out what Xbox Lives IP address is and enter that in there? 

 

Thank you for all your help

Luke

 

0 Likes Likes

TranceforLife
L6 Presenter
In response to lzabler

‎02-12-2017 03:16 AM - edited ‎02-12-2017 03:25 AM

Hi,

 

So you can create a static NAT entry to forward all external traffic destined to a particular public IP to the private IP of the console. So you need to know your external IP for this to work. However, l do recommend to use DDNS for this to work better in case your external IP changed. So in the policy, you simply can put DNS name as a destination same as for nat config. More about DDNS. 

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-and-Test-FQDN-Objects/t...

 

https://www.changeip.com/

0 Likes Likes
  • 2467 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks