08-26-2012 12:03 PM
Are there any links or references to a complete sample config for the PA firewall? I would like to see complete NAT examples and security policies for both inbound and outbound traffic. The Understanding NAT guide covers the inbound policy but not the outbound and does not cover all security policies. Also, I am looking for examples of security and NAT policies for traffic from the public to a DMZ, DMZ to private, and private to public. If anyone has a configuration or guide that can be looked at, I would appreciate it.
08-26-2012 02:50 PM
That is not quite what I am looking for. I am looking more specifically for NAT and security policy examples for inbound/outbound traffic and best practices. For example, I have 10 devices that each need their own public IP and are static NATed and are only allowed to communicate with a specific range of IP addresses on the Internet. I am also looking for what others are configuring for Exchange rules and examples and NAT rules for inbound OWA and ActiveSync from the public to a DMZ and then the DMZ to private rules (no NAT) and the corresponding reply rules. I have Juniper SRX and PIX experience and am looking for some correlation on these rules. I have no issues with the interfaces or security zones; I am just looking for more complete examples/best practices to show the NAT and security rule flow from users in public Internet to webmail server in DMZ and then from webmail server to mailbox server in private zone and the corresponding reply rules.
08-27-2012 08:04 AM
Please look at the document "Understanding NAT", found here: https://live.paloaltonetworks.com/docs/DOC-1517. It contains examples of several common scenarios for both source and destination NAT which should address your needs for DMZ servers.