GlobalProtect with NATet interface

Showing results for 
Show  only  | Search instead for 
Did you mean: 

GlobalProtect with NATet interface

L1 Bithead

I have a PA200, and is using eth1 for outside (internet) and eth2 for inside. I'm NATing from eth2 to eth1, as normal.

Now i want to have the management https address on the eth1 for several reasons.

At home its just for testing, but at my office i have PA200 between subnets that is duplicate, and not nessesary to route to.

When i use a management profile with access to ping and https on eth1, it wont't work.

I suspect the NAT rule has something to do with it. Cause when i set it up in my lab with no NAT, it works.

Any tips for me please?


I dont NAT anything from untrust to trust, i only have a overload nat from trust to untrust.

But it seams that it blocks everything, including ping, and https (thats why the GP wont connect).

Thanks! I'll try that later today.

I got ping working if i add a roule thats like this:

Screen Shot 02-10-14 at 09.40 AM.PNG.png is just there to mas my origin public ip. The other rule is gone, as this is a test box at work.

This rule is not a need but your other NAT rules are have any other NAT rule with source zone any ?

or just 1 NAT rule from trust to untrust ?

Since im not home now, i cant confirm, but yes, i might have to rule setup with source any, and not pined down to my trust zones.

This is bad practice, i know. But is that the problem? I'll doublecheck when i get home.

The rule might be like this one, with source any.

Screen Shot 02-10-14 at 10.12 AM.PNG.png

Yes it will be a problem as said.

Try to change it with Trust and then test again.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!