Port masking

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Port masking

Not applicable

Hi Everybody,

Is there a way to implement port masking on a PA-200?

I have an application that comes from the internet on a different destination port than the default port and I need the PA to change this port back to default value.

Example:

Http requests come to the PA on the port 1234 and the PA forwards this request to the server on the inside network but the port has to be 80.

Is there a way to accomplish this?

Regards,

Damir

1 accepted solution

Accepted Solutions

This should help: NAT Configuration

This common design is required when the site has a single public IP addressfor a number of services that are provided by different systems internally. This is also referred to as port forwarding or Virtual IP’s (VIP’s). Note that in this scenario the internal web server is running on port 8080 rather then on the traditional port 80.

So in the original packet tab, you define the service as the destination port the external users will be connecting to. In the translated packet tab, you check the destination address translation box, and define the destination IP and port.

So the original packet is 1.1.1.1:1234 and then you translate it to 172.16.1.1:80.

View solution in original post

4 REPLIES 4

L4 Transporter

Sounds like a NAT policy. Just a change of the destination port in the rule.

How to accomplish this?

I'm quite sure that I haven't seen such option so far.

Static NAT translation (port forwarding) is already implemented and it works, but only one the default destination port.

This should help: NAT Configuration

This common design is required when the site has a single public IP addressfor a number of services that are provided by different systems internally. This is also referred to as port forwarding or Virtual IP’s (VIP’s). Note that in this scenario the internal web server is running on port 8080 rather then on the traditional port 80.

So in the original packet tab, you define the service as the destination port the external users will be connecting to. In the translated packet tab, you check the destination address translation box, and define the destination IP and port.

So the original packet is 1.1.1.1:1234 and then you translate it to 172.16.1.1:80.

Thank you, I'll try that and let you know if it works.

  • 1 accepted solution
  • 3548 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!