PAN OS 5.0.10 is running. i have create a destination NAT translation but is not working and also i am not getting any logs. please suggest.
Can you post a screenshot of the security policy? Keep in mind that your security policy has to look like this:
Source Zone: Any (or Untrust)
Destination: Public IP
Destination Zone: Zone for Private IP
You should see the traffic in the traffic log.
Verify your Security Policy and NAT policy look like what you see below. Make sure that Destination address for your NAT and Security Policy is your Public IP.
Also, for your NAT policy use Source Zone: Untrust, Destination Zone: Untrust. Use only Private IP in your Translated Destination Address.
Could you confirm if the traffic for that IP address is even reaching the firewall ? Try configuring packet capture and see if the packet is reaching the firewall, if it's not then it should be a simple ARP or routing issue.
Hope it helps !
I would start by filtering your policy logs by the source address of the attempt. Then you can see what policy the traffic is hitting in your firewall. Make sure you do have a logging final deny all policy so it is not silently dropped and that logging is enabled for all policies.
Nat columns can be added to the monitor policy logs so you will also see from here if the traffic is being recognized by any of the nat rules.
Just to add something that has not been mentioned... It could be possible that the traffic is indeed reaching the firewall and the NAT itself working properly, but you need to make sure you have a route not only on the firewall to reach the private IP, but also a route configured on the server itself to get back to the outside world through the same firewall interface that was used to forward the incoming packets.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!