05-16-2019 03:55 AM
We have Single Outbound PAT configured for internet traffic for all internal users.
So all users' traffic uses the same Outbound PAT while going to the internet, but one traffic is not getting natted with this NAT policy.
There is no PBF configured; it's simple NAT (Outbound PAT DIPP), Security Policy (From trust to untrust).
PAN-OS 8.1.6 h2
Requesting suggestions on this.
05-16-2019 01:32 PM
Can you include the log showing that it isn't getting NAT'd and the NAT policy itself? For something like this the most common cause is that the traffic isn't actually matching the NAT policy itself. You could test this in the CLI by building out the 'test nat-policy-match' command to match the traffic that isn't hitting the NAT policy and verifying the firewall is matching the traffic to the policy correctly.
05-16-2019 02:48 PM
Thanks for your reply.
The same traffic is getting natted sometimes and sometimes it's not.
Also, the strange thing is that when it's getting natted, the ingress interface (E1/2) and egress interface (E1/1) are different, as expected; however, when it's not getting natted, both ingress and egress interfaces are the same.
05-16-2019 08:10 PM
If the ingress and egress interfaces are changing then the traffic isn't the same. I haven't seen a PAN firewall mistake what interface traffic ingressed in years; so my initial reaction with this would be you have something improperly configured on your network causing unexpected routing.
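An added example, not part of any post in this thread: a small Python script that separates the NAT'd sessions from the un-NAT'd ones in an exported traffic log and flags flows that left through the interface they arrived on, which is the symptom described above. The column names and sample rows are constructed assumptions; map them to the fields in your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (not real logs). Column names are assumptions
# modelled on a firewall traffic-log CSV export; adjust to your export.
SAMPLE = """\
src,dst,natsrc,from_zone,to_zone,inbound_if,outbound_if
10.1.1.20,198.51.100.7,203.0.113.5,trust,untrust,ethernet1/2,ethernet1/1
10.1.1.20,198.51.100.7,0.0.0.0,trust,trust,ethernet1/2,ethernet1/2
10.1.1.31,198.51.100.9,203.0.113.5,trust,untrust,ethernet1/2,ethernet1/1
10.1.1.20,198.51.100.7,,trust,trust,ethernet1/2,ethernet1/2
"""


def classify(row):
    """Return (natted, same_interface) for one traffic-log row."""
    natsrc = row["natsrc"].strip()
    # Treat an empty, all-zero or unchanged NAT source as "not translated".
    natted = natsrc not in ("", "0.0.0.0") and natsrc != row["src"]
    same_interface = row["inbound_if"] == row["outbound_if"]
    return natted, same_interface


def summarize(csv_text):
    """Count sessions per (src, dst, natted, inbound_if, outbound_if, to_zone)."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        natted, _ = classify(row)
        key = (row["src"], row["dst"], natted,
               row["inbound_if"], row["outbound_if"], row["to_zone"])
        counts[key] += 1
    return counts


def suspicious_flows(csv_text):
    """Flows that skipped NAT and left via the interface they arrived on."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        natted, same_interface = classify(row)
        if not natted and same_interface:
            flagged.append((row["src"], row["dst"], row["inbound_if"], row["to_zone"]))
    return flagged


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE).items()):
        print(n, key)
    for flow in suspicious_flows(SAMPLE):
        print("no NAT, same interface:", flow)
```

If the flagged rows show an egress zone other than untrust, those sessions never matched the trust-to-untrust NAT rule, which points at routing rather than at the NAT policy.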