This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who rated this post

Raido_Rattameister
Cyber Elite
Cyber Elite

‎02-10-2023 06:45 PM - edited ‎02-10-2023 06:47 PM

It is easy to do.

Customer buys another Palo.

Set up external firewall that will DNAT to 192.168.5.100 and internal firewall that will perform second DNAT and voila - 2x NAT is achieved 🙂

 

On more serious note for Palo to send traffic to 192.168.5.100 something needs to reply to arp on that IP.

If Palo has 192.168.5.100 configured on itself it will never send out arp requests for this IP.

 

You can set up packet capture filter and use "show counter global filter delta yes packet-filter yes" and see why packet is dropped.

If this is not enough then take flow basic logs.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

View solution in original post

(1)
Who rated this post
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks