This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Port masking

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Port masking

Go to solution
damir_porobic
Not applicable

‎06-22-2012 08:52 AM

Hi Everybody,

Is there a way to implement port masking on a PA-200?

I have an application that comes from the internet on a different destination port than the default port and I need the PA to change this port back to default value.

Example:

Http requests come to the PA on the port 1234 and the PA forwards this request to the server on the inside network but the port has to be 80.

Is there a way to accomplish this?

Regards,

Damir

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
mharding
L4 Transporter
In response to damir_porobic

‎06-22-2012 09:41 AM

This should help: NAT Configuration

This common design is required when the site has a single public IP addressfor a number of services that are provided by different systems internally. This is also referred to as port forwarding or Virtual IP’s (VIP’s). Note that in this scenario the internal web server is running on port 8080 rather then on the traditional port 80.

So in the original packet tab, you define the service as the destination port the external users will be connecting to. In the translated packet tab, you check the destination address translation box, and define the destination IP and port.

So the original packet is 1.1.1.1:1234 and then you translate it to 172.16.1.1:80.

View solution in original post

4 REPLIES 4

Go to solution
mharding
L4 Transporter

‎06-22-2012 09:23 AM

Sounds like a NAT policy. Just a change of the destination port in the rule.

0 Likes Likes

Go to solution
damir_porobic
Not applicable
In response to mharding

‎06-22-2012 09:28 AM

How to accomplish this?

I'm quite sure that I haven't seen such option so far.

Static NAT translation (port forwarding) is already implemented and it works, but only one the default destination port.

0 Likes Likes

Go to solution
mharding
L4 Transporter
In response to damir_porobic

‎06-22-2012 09:41 AM

This should help: NAT Configuration

This common design is required when the site has a single public IP addressfor a number of services that are provided by different systems internally. This is also referred to as port forwarding or Virtual IP’s (VIP’s). Note that in this scenario the internal web server is running on port 8080 rather then on the traditional port 80.

So in the original packet tab, you define the service as the destination port the external users will be connecting to. In the translated packet tab, you check the destination address translation box, and define the destination IP and port.

So the original packet is 1.1.1.1:1234 and then you translate it to 172.16.1.1:80.

Go to solution
damir_porobic
Not applicable
In response to mharding

‎06-22-2012 10:05 AM

Thank you, I'll try that and let you know if it works.

0 Likes Likes
  • 1 accepted solution
  • 3101 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks