This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

NAT LOGGING

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

NAT LOGGING

calabilla
L0 Member

‎10-19-2024 10:30 AM

Hello,

 

  I am a newbie so please bear with me, I Have a very simple LAB with a Palo Alto firewall with 11.00 Ver and an internet connection.I know that to provide internet connection to the user i would need a Policy,default route and a source NAT.

 

Lets suppose I dont have a Source NAT for the internet connection, how would I know that I am missing a source NAT.

is there a command which shows that the packet is dropping due to source NAT not available?

 

Thanks

calabilla

0 Likes Likes
1 REPLY 1

SutareMayur
L6 Presenter

‎10-19-2024 09:24 PM - edited ‎10-19-2024 09:27 PM

Hi @calabilla 

 

First of all, we all know to go over the internet, source private needs to be NAT with public IP to route traffic over the internet. This is our basic understanding for the network/firewall topology and how traffic flows over the internet.

 

Now if you miss NAT configuration, there is no direct indication to understand this but there are some in-direct ways to know it. Traffic logs will not show this traffic as dropped/denied as Security policy will allow it. Now as NAT policy is missing, firewall will just send traffic based on the matched route and forward packet to the next hop. For internet destination, it will match default route pointing to internet/ISP hop.

 

As we do not have NAT, with source private IP traffic will be routed to next hop. As private IP is not routable over the internet, there will be no response to that request and connection will be reset.

 

Now from Palo Alto, you can see some indications under traffic logs like,

1. Look for session end reason under traffic logs, it will show Resets/or aged out. In normal cases, you will see TCP-FIN when session is completed. 
2. If you open that specific traffic logs, you will se bytes sent but there will not be any bytes received as there will be no response to that request. In normal cases, when session is successful, there will be responses and bytes received counter will get updated with number of bytes received.
3. If you enable packet capture, you will not see any received response in that as well. 

 

So this way, you can understand what is happening with that ongoing session and check these pointers.

 

Hope it helps!

 

 

 

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
0 Likes Likes
  • 79 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks