- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-08-2024 10:48 PM
This is my topology. From 30.0.0.10 i would like to access the server 192.168.0.2 with the help of PA wan interface IP(30.0.0.1)
I have created DNAT and Ssecurity policy .
Object Prenat IP is 30.0.0.1/8 and Webserver Ip is 192.168.0.2/24, when I try to open 30.0.0.1 from my web browser I am not able to see server's web page. I took a capture on server end and I don't see packet reaching the server.
Could you please help me to resolve the issue, am I missing somthing?
02-09-2024 12:24 AM
your prenat IP should be 30.0.0.1/32 and postnat ip 192.168.0.2/32
if you add /8 and /24 subnets to the objects, you're telling your firewall to nat the entire /8 supernet somehow into the /24 subnet
your NAT rule needs to be:
from WAN to WAN 30.0.0.1/32 destination translate to 192.168.0.2/32
your security rule needs to be
from WAN to DMZ destination 30.0.0.1/32 any any allow
02-09-2024 12:24 AM
your prenat IP should be 30.0.0.1/32 and postnat ip 192.168.0.2/32
if you add /8 and /24 subnets to the objects, you're telling your firewall to nat the entire /8 supernet somehow into the /24 subnet
your NAT rule needs to be:
from WAN to WAN 30.0.0.1/32 destination translate to 192.168.0.2/32
your security rule needs to be
from WAN to DMZ destination 30.0.0.1/32 any any allow
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!