Destination NAT with Port Range

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Destination NAT with Port Range

L0 Member

Hi !

 

We are trying to configure Destination NAT rule for a VC device on Palo Alto 820 NGFW. we need to allow range of TCP ports(Ex:3000-3050) but we could not find the option to configure the port range under the translated tab. find the below requirement for your reference.

Original Packet: Src.IP:Any, Dst.IP:1.1.1.1, DstPortrange: 3000-3050

Translated Packet: Src.IP:original, Dst.IP:192.168.10.1 DstPort Range: 3000-3050 

Please let me know if anybody has gone through this scenario with the solution

 

1 REPLY 1

L3 Networker

Unless you are you trying to change the port as part of the translation, you can define the port range as a services object, and then refer to it on the "Original Packet" page of the NAT rule, where you would identify the destination zone and interface. Then your NAT rule will only apply to traffic going to that destination NAT address when it is bound for those ports.

 

2019-10-22_7-51-09.jpg


Bruce.

Learn at least one new thing every day.
  • 4990 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!