i am about to transfer from Mikrotik router to palo alto i have one issue i don't know how to do it in palo alto
i have some servers with privet IP address and ports (web-server and database server) and these servers need to be accessible from our public IP address so what i do in Mikrotik router just add destination NAT its contain the server IP and port to our public IP and port to be accessible from our clients
how can i do it in palo alto FW i will be so thankful if some one help me with configuration
Take a look at this, destination nat example one address to many servers behind the firewall, of course each server must be on different port.
In palo Alto you need to create first NAT Rule with same destination and source zone and for destination translated port for you need to specify the port which server need to listen on.
for example user open url https://126.96.36.199 then if server is listening on port say 456 then under destination port translation you can put port 456 and also server private ip address.
Then security policy with your external zone as source and destination zone where server lives.
Destination IP will be the public IP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!