04-25-2017 10:29 AM
With the NAT VM no longer being required and you can assign a public address to NIC1, I have a question on the NAT process concerning only connectivity from resources to the internet. Do you need to configure a source NAT policy, or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure environment will do the translation? It is my understanding you only assign the public IP address to the VM NIC and do not assign this to an interface within the Palo Alto configuration?
Thanks,
Steve
04-25-2017 10:49 AM
Steve,
For outbound, just add a static route that forwards traffic as you suggest. I *think* you can just forward it to eth1/1 (and not mention the IP address of the subnet) of the fw -- assuming eth1/1 is what NIC1 is connected to.
The NIC in Azure has the public IP and the firewall doesn't even see it. It only sees the private address.
04-27-2017 12:45 PM
I was not able to get this to work without putting a source NAT policy in, and after I put that in, internet access is available.
nat-type ipv4;
from trust;
source any;
to INTERNET;
to-interface ethernet1/1 ;
destination any;
service any/any/any;
translate-to "src: ethernet1/1 x.x.x.x (dynamic-ip-and-port) (pool idx: 1)";