Traffic is not getting Natted DIPP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Traffic is not getting Natted DIPP

L0 Member

We have Single Outbound PAT configured for internet traffic for all internal users.

So all users traffic use the same Outbound PAt while going to internet but one traffic is not getting natted with this NAT policy

 

There is no PBF configured, its simple NAT (Outbound PAT DIPP), Security Policy (From trust to untrust).

PAN-OS 8.1.6 h2

Request to fine suggestion on this.

 

 

3 REPLIES 3

Cyber Elite
Cyber Elite

@RakeshRanjan,

Can you include the log showing that it isn't getting NAT'd and the NAT policy itself? For something like this the most common cause is that the traffic isn't actually matching the NAT policy itself, you could test this in the CLI by building out the 'test nat-policy-match' command to match the traffic that isn't hitting the NAT policy and verifying the firewall is matching the traffic to the policy correctly. 

 

Thanks for your reply.

Same traffic getting natted some time and the some times its not.

Also the strange thing, when its getting natted ingress interface(E1/2) and egress interface(E1/1) is different as expected however when its not getting natted both ingress and egress interface are same.

 

@RakeshRanjan ,

If the ingress and egress interfaces are changing then the traffic isn't the same. I haven't seen a PAN firewall mistake what interface traffic ingressed in years; so my initial reaction with this would be you have something improperly configured on your network causing unexpected routing. 

  • 2638 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!