
DMZ Web Server Access Setup PT2


L3 Networker

Hello Community,

 

Can someone please let me know if Palo Alto have any documentation examples of setting up access to a webserver from the Internet that resides in a DMZ?

 

Thank you

 

Carlton 

1 accepted solution

Accepted Solutions

L3 Networker

If you are wondering why the public IP is mentioned in the security policy and not the private one:

We always specify the IP based on the original / pre-NAT IP packet.


I found an old document that is still the best one for understanding NAT. Please follow the link below to check it; I hope this helps.

 

https://live.paloaltonetworks.com/t5/Documentation-Articles/Understanding-PAN-OS-NAT/ta-p/60965


5 Replies

L6 Presenter

Hi... I assume your case is to allow Internet users to connect to your web server in the DMZ and the server will be assigned a private IP address. Please check out the section 'Destination NAT' in this NAT document, which has an example of the NAT & security rules:

 

https://live.paloaltonetworks.com/t5/Documentation-Articles/Understanding-PAN-OS-NAT/ta-p/60965

 

The basic config is to define the inbound dest NAT rule to translate the public IP to the private IP, and the security policy rule to allow the specific app/traffic to the web server. Optionally, you can also define a DoS protection rule to protect the server from possible DoS attacks.

 

Thanks,
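
The rule matching described in this reply and in the accepted solution, as an added example that is not part of the original posts: a simplified Python model of a destination-NAT session, where the security policy is matched on the pre-NAT (public) address together with the post-NAT destination zone, which is how PAN-OS evaluates destination NAT. The zone names, rule names and documentation-range addresses are assumptions chosen for illustration.

```python
# Simplified model (an assumption, not PAN-OS code) of rule matching for an
# inbound destination-NAT session to a DMZ web server.
from ipaddress import ip_address, ip_network

# Constructed sample topology: which zone each network sits behind.
ZONES = {"dmz": ip_network("10.1.1.0/24"), "untrust": ip_network("0.0.0.0/0")}
PUBLIC_IP, PRIVATE_IP = "203.0.113.10", "10.1.1.10"  # constructed addresses

# Destination NAT rule: zones and address describe the packet as it arrives,
# so both source and destination zone are "untrust".
NAT_RULE = {"from": "untrust", "to": "untrust",
            "dst": PUBLIC_IP, "translate_to": PRIVATE_IP}

# Three candidate security rules an admin might write (hypothetical names).
SECURITY_RULES = {
    "private-ip-dmz":    {"from": "untrust", "to": "dmz",     "dst": PRIVATE_IP},
    "public-ip-untrust": {"from": "untrust", "to": "untrust", "dst": PUBLIC_IP},
    "public-ip-dmz":     {"from": "untrust", "to": "dmz",     "dst": PUBLIC_IP},
}

def zone_of(ip):
    """Most specific zone containing ip (stands in for the route lookup)."""
    hits = [(net.prefixlen, zone) for zone, net in ZONES.items()
            if ip_address(ip) in net]
    return max(hits)[1]

def matching_rules(src_ip, dst_ip):
    """Names of the security rules that match a new session src_ip -> dst_ip."""
    src_zone, pre_nat_dst_zone = zone_of(src_ip), zone_of(dst_ip)
    post_nat_ip = dst_ip
    if (NAT_RULE["from"], NAT_RULE["to"], NAT_RULE["dst"]) == \
            (src_zone, pre_nat_dst_zone, dst_ip):
        post_nat_ip = NAT_RULE["translate_to"]
    post_nat_dst_zone = zone_of(post_nat_ip)  # zone is looked up again after NAT
    return [name for name, rule in SECURITY_RULES.items()
            if rule["from"] == src_zone
            and rule["to"] == post_nat_dst_zone   # post-NAT destination zone
            and rule["dst"] == dst_ip]            # pre-NAT (original) address

if __name__ == "__main__":
    # An Internet client connecting to the server's public address.
    print(matching_rules("198.51.100.7", PUBLIC_IP))
```

Only the rule that pairs the public address with the DMZ zone matches; the rule written with the private address never sees the session, so the traffic would fall through to whatever rule comes next.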

 

L3 Networker

BITHEAD,

 

This is great. 

 

Is there any other similar documents showing examples of how to configure L3 - Sub-interfaces?

 

Regards

 

Carlton

Yes, a quick search on 'l3 sub' has several useful results. Here's one:

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Create-Tagged-Sub-Interfaces/ta-p...

 
