NAT to server on DMZ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

NAT to server on DMZ?

Not applicable

I have a PA-500.  Our public block of IP addresses come in on Ethernet1/1 (Untrust Zone). I have no trouble NAT'ing in an outside IP to an internal device that is physically connected to a network on Ethernet1/2 (Trust Zone).  Now, I created a "dmz" on Ethernet 1/4 and I gave the interface the address of 10.4.1.1.  I put a client on this network and I am able to connect to the internet just fine.  I installed Apache on the client to see if I could NAT in to a device on the DMZ and I it is not working for me. I don't know what I am missing...  any help?

1 accepted solution

Accepted Solutions

L2 Linker

In your DMZ Inbound NAt rule, please replace "DMZ_Installs" with "Untrust" under destination zone. After commiting this change, your issue should be resolved, please let me know.

-snisar

View solution in original post

2 REPLIES 2

L2 Linker

In your DMZ Inbound NAt rule, please replace "DMZ_Installs" with "Untrust" under destination zone. After commiting this change, your issue should be resolved, please let me know.

-snisar

Palo Alto Networks Guru

To add a bit of explanation... the destination zone in NAT policy is the zone that the destination IP address is in before performing NAT.  So in your case, it is your public IP address on Ethernet1/1 (Untrust zone).

Thanks,
Nick Campagna

  • 1 accepted solution
  • 4586 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!