How to configure Inbound NAT in Palo Alto Firewall

Steps to configure inbound NAT in a Palo Alto Firewall

Summary of IP Information

  1. Ethernet 1/1 – External Zone – 192.168.4.48/24
  2. Ethernet 1/2 – Internal Zone – 192.168.1.10/24
  3. INFO-EX13 (Windows 2016 Server) – 192.168.1.201
  4. NAT – 192.168.4.49:25 (Public) to 192.168.1.201:25 (Internal)

Creating New Firewall Objects

Create new IP Netmask objects in Objects – Addresses

  • INFO-EX13 – IP Netmask – 192.168.1.201/32
  • INFO-EX13-PublicIP – IP Netmask – 192.168.4.49/32

NAT Policy

Create a New NAT Policy in Policies – NAT

Enter a Name with NAT Type = ipv4

  • Source & Destination Zone = External
  • Service = service-https, or create a new Service object for a custom port
  • Source Address = Any
  • Destination Address = INFO-EX13-PublicIP (Public IP of the NAT Server)

  • Translation Type = Static IP
  • Translated Address = INFO-EX13 (Internal IP)
  • Translated Port = 443 (HTTPS)

Security Policy

Create a new Security Policy in Policies – Security for inbound connections to the NAT object

Source Zone = External

Destination Address = INFO-EX13-PublicIP (Public IP but NOT Internal IP)

Add service-https in Service/URL Category

Action – Allow

Commit all changes to the Palo Alto Firewall. Users should now be able to access the INFO-EX13 server via https://192.168.4.49 from the Internet.
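
The same objects and rules expressed as PAN-OS CLI commands, followed by policy-match checks to confirm the result. This is an added example, not part of the original article. The rule names and the test source address 203.0.113.10 are made up for illustration, and the security rule's destination zone (Internal) is an assumption: the steps above do not state it, but PAN-OS matches a security rule on the pre-NAT destination address and the post-NAT destination zone.

```text
# Lines starting with "#" are annotations, not CLI input.
# Rule names are hypothetical; zone, object and service names are from the steps above.

configure

# Address objects (Objects - Addresses)
set address INFO-EX13 ip-netmask 192.168.1.201/32
set address INFO-EX13-PublicIP ip-netmask 192.168.4.49/32

# NAT rule: both zones are External because the public IP lives on the
# external segment at the time the NAT rule is evaluated.
set rulebase nat rules inbound-https-info-ex13 nat-type ipv4
set rulebase nat rules inbound-https-info-ex13 from External to External
set rulebase nat rules inbound-https-info-ex13 source any destination INFO-EX13-PublicIP
set rulebase nat rules inbound-https-info-ex13 service service-https
set rulebase nat rules inbound-https-info-ex13 destination-translation translated-address INFO-EX13 translated-port 443

# Security rule: destination is the PUBLIC (pre-NAT) address object.
# Destination zone Internal is an assumption (post-NAT zone of 192.168.1.201).
# "application any" mirrors the article, which sets no application;
# a narrower App-ID such as ssl tightens the rule.
set rulebase security rules allow-inbound-https-info-ex13 from External to Internal
set rulebase security rules allow-inbound-https-info-ex13 source any destination INFO-EX13-PublicIP
set rulebase security rules allow-inbound-https-info-ex13 application any service service-https
set rulebase security rules allow-inbound-https-info-ex13 action allow

commit
exit

# Operational-mode checks (203.0.113.10 is a constructed outside client).
# Expect the NAT rule above to match and translate to 192.168.1.201:443.
test nat-policy-match from External to External source 203.0.113.10 destination 192.168.4.49 protocol 6 destination-port 443

# Expect the allow rule above to match for TCP/443 ...
test security-policy-match from External to Internal source 203.0.113.10 destination 192.168.4.49 protocol 6 destination-port 443

# ... and no match on this rule for any other port, for example TCP/25.
test security-policy-match from External to Internal source 203.0.113.10 destination 192.168.4.49 protocol 6 destination-port 25
```

If the last check still returns an allow rule, a broader rule elsewhere in the rulebase is exposing the public IP on more than HTTPS.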