03-24-2011 08:47 AM
As somewhat of a newbie to PAN, I need to ask how I go about passing an internal public IP range outbound through the firewall and NOT natting it. This certain range of addresses will only connect to one other public IP address (different, external network) but the other address needs to be able to see these internal IPs for what they are and not be natted.
Thanks! Mike
03-24-2011 09:10 AM
Hi Mike,
You can exempt certain IPs or subnets from NAT by keeping the Source and Destination Translation fields as "none".
Cheers,
Kelly
03-24-2011 10:00 AM
Yeah, this sounds like what I need to do. If I set the source address to that of my internal range and the destination address to that of my target server, then the "no-natting" should only occur between those two sets of addresses, right? Any extra Security policy rules needed (other than what I already have in place)?
03-24-2011 10:07 AM
You got it. You shouldn't need any other policy entries beyond what you would normally have in your Security Policy to allow the two segments to communicate.
Cheers,
Kelly
03-24-2011 02:29 PM
Should that new NO NAT rule be placed above the normal outbound PAT rule everyone else on the network is using?
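Added example, not part of the thread: a small Python model of top-down, first-match NAT rule evaluation, which is how PAN-OS processes its NAT rulebase, showing what the peer sees when the exemption rule sits above or below the general PAT rule. Rule names and addresses are constructed (documentation ranges), and the model ignores zones and services.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class NatRule:
    name: str
    source: str                   # CIDR matched against the packet source
    destination: str              # CIDR matched against the packet destination
    translate_to: Optional[str]   # None models Source Translation = "none"

def evaluate(rules, src, dst):
    """Return (matched rule name, source address the peer sees); first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if (s in ipaddress.ip_network(rule.source)
                and d in ipaddress.ip_network(rule.destination)):
            return rule.name, rule.translate_to or src
    return None, src  # no NAT rule matched: packet leaves untranslated

# Constructed sample values, not taken from the thread.
INTERNAL_PUBLIC = "198.51.100.0/28"   # internal range that must stay visible
TARGET_SERVER = "203.0.113.10/32"     # the one external peer
PAT_ADDRESS = "192.0.2.1"             # address everyone else is hidden behind

no_nat = NatRule("no-nat-to-target", INTERNAL_PUBLIC, TARGET_SERVER, None)
pat = NatRule("outbound-pat", "0.0.0.0/0", "0.0.0.0/0", PAT_ADDRESS)

def compare_orderings(src, dst):
    """Evaluate the same flow with the exemption above and below the PAT rule."""
    return {
        "no_nat_first": evaluate([no_nat, pat], src, dst),
        "pat_first": evaluate([pat, no_nat], src, dst),
    }

if __name__ == "__main__":
    flows = [("198.51.100.5", "203.0.113.10"),   # exempt range to target server
             ("198.51.100.5", "203.0.113.99"),   # exempt range to anything else
             ("10.0.0.5", "203.0.113.10")]       # other host to target server
    for src, dst in flows:
        print(src, "->", dst, compare_orderings(src, dst))
```

With the broad PAT rule first, the exemption is shadowed and never matches; with the exemption first, only the one source range and destination pair bypasses translation.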