Guide for troubleshooting Nats security policies

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Guide for troubleshooting Nats security policies

L1 Bithead

Looking to see if there is a troubleshooting guide for NATS and for Security Policy rules.

 

Searching has turned up various hits here and there, but not something comprehensive as what cisco has on their site for their docs.

 

Am I just looking in the wrong place?

 

Any other PA sites that have good info besides these boards?

 

 

 

2 REPLIES 2

Cyber Elite
Cyber Elite

@dmoore-acc360,

Troubleshooting information is really something I've best found in KB articles and by learning more about the feature itself. The majority of actual troubleshooting documentation for PAN is internal documentation and really isn't available to customers. 

Policy troubleshooting is relatively straight-forward once you understand all of the options and the top-down analysis of the firewall however. Assuming that you actively know about the test functionality to verify that you have a matching policy, what additional documentation were you hoping to find? 

 

(Text doesn't always pass tone well, so just to be clear the last question is a genuine question. What type of troubleshooting documentation are you hoping to find an equivalent of? Could you share an example of the Cisco document that you're referencing). 

Cyber Elite
Cyber Elite

Hi @dmoore-acc360 ,

 

Great question.  For starters, you can go to the PAN-OS® Administrator’s Guide https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin.  Scrolling down the Table of Contents on the left, you will find Policy.  Under Policy > Policy Types, you will find a table of the different policies and a link to the documentation for each one.

 

With regard to troubleshooting, sometimes you can Google "palo alto <feature> resource list" and see if you get a hit.  I found this for the security policy -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgACAS.

 

I found this doc for NAT -> https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000D83FAAS&field=Attac....  It has example security and NAT policies, which are VERY useful.  Here's another one -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC.

 

There is a free course on Beacon, Firewall 9.1 Essentials, that has excellent online tutorials on security and NAT policies.

 

This link has videos -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN7rCAG with a few security and NAT policy topics.  The video for destination NAT has another excellent video on the relationship between NAT and security policies.

 

I hope this helps.  If do, please mark as solution!  🙂

 

Thanks,

 

Tom

 

Edit:  I forgot this link -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGZCA0.  All NAT configurations require a route (connected or other) in order to work.

Help the community: Like helpful comments and mark solutions.
  • 11064 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!