05-16-2016 03:54 AM
Hello Community,
Can someone please let me know if Palo Alto have any documentation examples of setting up access to a webserver from the Internet that resides in a DMZ?
Thank you
Carlton
05-16-2016 02:41 PM
If you are wondering why the public IP is mentioned in the security policy and not the private one:
---We always specify the IP based on the original / pre-NAT IP packet.
I found an old document that is still the best one for understanding NAT. Please follow the link below to check it; I hope this helps.
https://live.paloaltonetworks.com/t5/Documentation-Articles/Understanding-PAN-OS-NAT/ta-p/60965
05-16-2016 06:33 AM
Hi...I assume your case is to allow Internet users to connect to your web server in the DMZ and the server will be assigned a private IP address. Please check out the section 'Destination NAT' in this NAT document, which has an example of the NAT & security rules:
https://live.paloaltonetworks.com/t5/Documentation-Articles/Understanding-PAN-OS-NAT/ta-p/60965
The basic config is to define the inbound dest NAT rule to translate the public IP to the private IP, and the security policy rule to allow the specific app/traffic to the web server. Optionally, you can also define a DoS protection rule to protect the server from possible DoS attacks.
Thanks,
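
The rule matching described in the replies, as an added example that is not part of the original posts and not Palo Alto Networks code: a simplified Python model of a destination NAT rule plus security policy lookup, showing why a security rule written with the server's private IP never matches. The addresses, zone names and rule names are constructed assumptions; the zone handling (NAT rule matched on pre-NAT zones, security rule on the post-NAT destination zone) goes slightly beyond what the thread states and follows the PAN-OS NAT documentation.

```python
from ipaddress import ip_address

# Constructed sample values (documentation address ranges), not from the thread.
PUBLIC_IP = ip_address("203.0.113.10")   # address Internet clients connect to
PRIVATE_IP = ip_address("10.1.1.10")     # web server's real address in the DMZ

# Zone that owns each address according to routing (assumed layout).
ZONE_OF = {PUBLIC_IP: "untrust", PRIVATE_IP: "dmz"}

# Destination NAT rule: matched on the packet as it arrives (pre-NAT zones and IP).
NAT_RULES = [
    {"name": "web-dnat", "from": "untrust", "to": "untrust",
     "dst": PUBLIC_IP, "translate_to": PRIVATE_IP},
]

def evaluate(security_rules, src_zone, dst_ip, app):
    """Return (name of matching security rule or None, post-NAT destination IP)."""
    dst_ip = ip_address(dst_ip)
    pre_nat_zone = ZONE_OF.get(dst_ip)
    # 1. NAT lookup uses the pre-NAT destination zone and address.
    translated = dst_ip
    for nat in NAT_RULES:
        if (nat["from"], nat["to"], nat["dst"]) == (src_zone, pre_nat_zone, dst_ip):
            translated = nat["translate_to"]
            break
    # 2. The destination zone is re-derived from the translated address.
    post_nat_zone = ZONE_OF.get(translated)
    # 3. Security policy: post-NAT zone, but still the pre-NAT destination IP.
    for rule in security_rules:
        if (rule["from"], rule["to"], rule["dst"], rule["app"]) == \
                (src_zone, post_nat_zone, dst_ip, app):
            return rule["name"], translated
    return None, translated   # no allow rule matched

# Rule written as the replies describe: public (pre-NAT) IP, DMZ zone.
CORRECT = [{"name": "allow-web", "from": "untrust", "to": "dmz",
            "dst": PUBLIC_IP, "app": "web-browsing"}]
# Common mistake: the server's private IP in the security rule.
MISTAKE = [{"name": "allow-web", "from": "untrust", "to": "dmz",
            "dst": PRIVATE_IP, "app": "web-browsing"}]

if __name__ == "__main__":
    print(evaluate(CORRECT, "untrust", "203.0.113.10", "web-browsing"))
    print(evaluate(MISTAKE, "untrust", "203.0.113.10", "web-browsing"))
```
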
05-16-2016 07:27 AM
BITHEAD,
This is great.
Are there any other similar documents showing examples of how to configure L3 - Sub-interfaces?
Regards
Carlton
05-16-2016 10:56 AM
Yes, a quick search on 'l3 sub' has several useful results. Here's one: