02-28-2018 10:52 AM
My goal is to be able to reroute traffic from internal server 192.168.0.10 port 123 to other internal server 192.168.0.20 port 456.
My understanding is that I do not need a U-turn NAT rule since we're using internal IP addresses; however, so far I've not found any rule configuration that successfully makes the translation when tested, nor have I been able to find any examples of others doing similar.
Any help on this would be much appreciated.
02-28-2018 11:38 AM
What is now the actual source (address and zone) and destination (address and destination) where you want to have a connection?
02-28-2018 11:45 AM
For example, the client machine is 192.168.0.105.
They currently access the website at http://192.168.0.10
I'm setting up a server to act as failover on 192.168.0.20.
I do not want users to have to manually change their bookmarks etc. in case of failure; rather, I have a script on 20 that monitors 10, and I would like that script to access the Palo Alto API to reroute traffic from 10 to 20.
I already have the script and API figured out and working; however, I haven't figured out how to set up the NAT rule to forward traffic from 10 to 20 when the client is internal.
02-28-2018 11:49 AM
Forgot to mention that the client and both servers are all in the trust zone.
02-28-2018 12:15 PM
Do you have a vwire between the clients and servers or are they all located in the same (I assume /24) subnet?
02-28-2018 12:18 PM
They are in the same subnet
02-28-2018 12:32 PM
So then the connection goes directly and not over the firewall, which means in this configuration there is no way to configure a NAT rule on the firewall.
To be able to do that you would need an IP on the firewall. Then the firewall will be able to re-route the traffic with a NAT policy, and in case of a failure you can change this NAT rule.
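The forwarding decision behind the answer above, as an added example that is not part of the original thread: it models the client's route lookup to show which destinations are ever delivered to the firewall and can therefore hit a NAT rule. The /24 mask, the firewall interface address 192.168.0.1 and the off-subnet address 10.10.10.10 are assumptions for illustration.

```python
import ipaddress

# Addresses from the thread; the /24 mask and the firewall's interface
# address (also the clients' default gateway) are assumptions.
CLIENT_IFACE = ipaddress.ip_interface("192.168.0.105/24")
FIREWALL_IP = ipaddress.ip_address("192.168.0.1")  # hypothetical


def build_routes(iface, gateway):
    """Routing table a host derives from its address, mask and gateway."""
    return [
        (iface.network, None),                         # connected: on-link
        (ipaddress.ip_network("0.0.0.0/0"), gateway),  # default route
    ]


def next_hop(routes, dst):
    """Longest-prefix match; returns the IP the frame is delivered to."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    # gw is None for the connected route: the host ARPs for dst itself.
    return dst if gw is None else gw


def firewall_sees(dst, iface=CLIENT_IFACE, fw_ip=FIREWALL_IP):
    """NAT policy is only evaluated for packets delivered to the firewall."""
    return next_hop(build_routes(iface, fw_ip), dst) == fw_ip


if __name__ == "__main__":
    # 10.10.10.10 is a constructed off-subnet destination.
    for dst in ("192.168.0.10", "192.168.0.20", "192.168.0.1", "10.10.10.10"):
        verdict = "reaches firewall" if firewall_sees(dst) else "bypasses firewall"
        print(f"{CLIENT_IFACE.ip} -> {dst}: {verdict}")
```

Only the last two destinations reach the firewall, which is why clients would have to target an address on the firewall before a destination NAT rule pointing at 192.168.0.10 or 192.168.0.20 can take effect.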
02-28-2018 12:34 PM
Gotcha. That makes sense. Thank you.