03-09-2012 01:25 AM
Hi There,
I have got a program "Papercut" installed on my Fileserver1. The program listens on port 9191. ISP has created a sub-domain which routes all traffic using http://papercut.xxx.com to an external IP address of 213.1.215.4.
Shortcut to "Papercut" on our internal network is http://fileserver01:9191. I want to implement a rule for the Wireless users on a separate VLAN to be able to access "Papercut", since they are not recognized on our internal network's IP addresses.
I know we need to have a NAT rule created, but cannot get my head around it. Help would be appreciated.
Thank you
Regards,
Kal
03-09-2012 02:33 AM
No need to use NAT in your case.
I assume your fileserver1 has a defgw which points to your router.
You can then put a static route entry in your router to point out where the wifi-clients are connected (iprange of wifi-clients with nexthop to your PAN box - I assume your network is similar to router <-> PAN <-> access-point <-> wifi-clients).
Or am I missing something here?
Then in your PAN you can, as a debug step, just allow appid:any, service:tcp9191 to see how PAN will detect the flows and, once found out, limit the appid to only use the detected application(s).
03-10-2012 02:19 PM
Hi...are the wireless users on the same private IPs as your server? If so, you may need to do U-turn NAT. See: https://live.paloaltonetworks.com/docs/DOC-1678.
Thanks.
03-25-2012 04:34 AM
Fixed it. U-turn NAT was required. Thanks Guys...
Regards,
Kalyan