Hi there, You just need to NAT inbound ports from the 4G router to the Palo IP. Or simpler if you just set a DMZ host on the 4G router to send all traffic to the PA. The ISP however will need to map a public address and inbound ports as the carriers usually only allocate you a private address. I've just bought a international SIM card that does this. They basically assign me a static public address their end, and it NATs through their cell provider VPN to the private IP on my router. I need to arrange with them what ports they pass inbound (which is good as it filters out port scans etc but bad as if I want to add a new service I have to ask them) Ports for LSVPN are tcp/443 and udp/4501 That router then NAT's all inbound to the ip on the palo alto. The palo alto is configured with a private address but it doesnt matter as long as your public IP is used for LSVPN inbound. If this is a remote office then you don't need any of the inbound NAT's setup as its a one way connection.
... View more