Prisma Access - Global Protect: No Source NAT

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Prisma Access - Global Protect: No Source NAT

L0 Member

Hi All,

 

I am new to Prisma Access.

We have done the setup as per PAN.

My question is as follow:

 

How do you disable source NAT for traffic in Prisma Access for Global Protect, that is going to your internal DC`s?

 

Kind Regards,

Micheal Swart

1 accepted solution

Accepted Solutions

L6 Presenter

Are you talking abound Inbound Access that allows access over the Internet to internal applications where you access the internal DC application using a Prisma Access Public IP address? If so then see:

 

 

-----------

 

You must

Enable source NAT

in the

Inbound Access

tab if you select this check box. Source NAT is a requirement to allow inbound flows to other remote networks.

 

--------

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-ad...

 

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/secure-remo...

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-ad...

 

 

 

 

Edit:

 

 

Also in many cases X-Forwarded-For (XFF) HTTP header insertion will help as the servers will be able to see the real client ip or for cloud applications that may use this when going to the Internet but for some reason when I talked with Palo Alto they don't think this feature is needed at all but I think it is as when going to a web site in Internet not in a Remote Network or Service location many proxy have this option as then the client ip address is always changed to the one the on-prem or cloud proxy has 🙂

View solution in original post

2 REPLIES 2

L6 Presenter

Are you talking abound Inbound Access that allows access over the Internet to internal applications where you access the internal DC application using a Prisma Access Public IP address? If so then see:

 

 

-----------

 

You must

Enable source NAT

in the

Inbound Access

tab if you select this check box. Source NAT is a requirement to allow inbound flows to other remote networks.

 

--------

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-ad...

 

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-cloud-managed-admin/secure-remo...

 

 

https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-ad...

 

 

 

 

Edit:

 

 

Also in many cases X-Forwarded-For (XFF) HTTP header insertion will help as the servers will be able to see the real client ip or for cloud applications that may use this when going to the Internet but for some reason when I talked with Palo Alto they don't think this feature is needed at all but I think it is as when going to a web site in Internet not in a Remote Network or Service location many proxy have this option as then the client ip address is always changed to the one the on-prem or cloud proxy has 🙂

L6 Presenter

If you managed to get the needed answers, please flag the question as answered.

  • 1 accepted solution
  • 2425 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!