In palo Alto you need to create first NAT Rule with same destination and source zone and for destination translated port for you need to specify the port which server need to listen on. for example user open url https://220.127.116.11 then if server is listening on port say 456 then under destination port translation you can put port 456 and also server private ip address. Then security policy with your external zone as source and destination zone where server lives. Destination IP will be the public IP.
... View more