This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Round Robin NAT?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Round Robin NAT?

Go to solution
iguarino
L0 Member

‎09-28-2012 06:08 AM

Hello,

I'm running PANOS 4.0.11 and I'd like to be able to set NAT to round robin between 2 servers in the DMZ.  We would have a single public IP round robin NAT'd to two internal IPs.  Is this possible on 4.0?  How would I accomplish this?

Thanks,

Ian

Labels:
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
sdurga
L6 Presenter

‎09-28-2012 09:39 AM

Ian,

This is not possible on 4.0 or.4.1. I see that you would like to load balance between two internal servers with NAT, but this is not possible. You can create different NAT rules for different source ip addresses to get translated to different internal servers, but again this kind of setup is not true round robin load sharing.

Thanks,
Sandeep T

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
sdurga
L6 Presenter

‎09-28-2012 09:39 AM

Ian,

This is not possible on 4.0 or.4.1. I see that you would like to load balance between two internal servers with NAT, but this is not possible. You can create different NAT rules for different source ip addresses to get translated to different internal servers, but again this kind of setup is not true round robin load sharing.

Thanks,
Sandeep T

0 Likes Likes

Go to solution
msullivan
L3 Networker

‎09-28-2012 09:52 AM

The obvious answer is to use round robin DNS, but since your asking the question, there must be some limitation on IP address resources.  Still w/out the use of some sort of reverse proxy technology you would need more address space.  Maybe you could get more IP space, or if you have any old servers laying around, run Linux and use Squid, Apache or any of the other free Linux packages available to do the heavy lifting for you.

If you have the money, F5 simply rocks the house Smiley Happy

Cheers,

Mike

Go to solution
iguarino
L0 Member

‎09-28-2012 12:05 PM

Thank you both for your replies.  I am going to use an additional IP to resolve.

0 Likes Likes
  • 1 accepted solution
  • 3064 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks