Destination NAT on the Palo Alto Firewall | Part 11

First things first, This video is AWESOME! Thank you for taking the time to make it. I did however struggle using 1 IP to multiple inside addresses and ports so I figured I would post a little more info below.
I would like to add the following information for Destination nat rules from one public IP to multiple dmz ip addresses/ports. In order for that to work right, you must specify the original packet destination service for each NAT. for example, if you are running a web service on one server, you would specify 443, then translate to your web server inside. If you had an email server you would specify 25, then translate that to a different server on the inside.
If you are doing a different outside port you can specify that on the Original packet tab, then on the translated packet specify the correct inside port. For example you can run a web server on 18443, but have it translate to 443 on the inside.
Thank you again for posting this video.

That portion with the destination zone for NAT would have got me. I had to watch the video a few times to understand what you were saying.

Here we go with one of my top IT leaders of all the times 🙋‍♂. Subscribing will all glad. And thanks for the dest nat video tutorial 💯

We have an IPSec Tunnel to the client. They want to access our internal server. We provided them the Public IP address. We allowed the security polices (from ZONe VPN to our DMZ on ports xxx allow). We also added the proxies in the IPSec Tunnel and also added the route to their network.
Now I am confused that we didnt configured any type of NAT in this case. Could you please explain why is it so?
Thanks in advance.

Thank you very much it works for me

what happened to this series? its been 4months ? appreciate it keith please continue with this series

Awesome video Keith! Do you outline your videos before you film them or do you perform them off the cuff?

The way I understand it: The Destination Zone is where the host lives, the Destination Address is the virtual IP.

Hi Keith. Thanks very much for the helpful video. Can you help me understand if the security policy relies on a Pre-NAT IP and a Post-NAT Zone because of the way that packets flow through a Palo Alto firewall? If so, is this common of other modern NGFW devices? Cheers!

Thanks for the videos Keith. It is really helping me as a noob with no training on my new pair of 440s. I have to setup some NATS on an IPsec tunnel and am confused on how to implement source or destination NATs. Is the only difference the zones? On my tunnels, I am using a l2vpn zone as opposed to outside. Are the zones the only thing that would differ when doing NAT with an IPSec tunnel?

Sir please make one video for u-trun nat.

Please upload the Part-12 of the Palo Alto Networks Firewall: 0-60 series

Great video. What about to config reverse proxy in PA?

Good video ! quick qeustion : what writing digital notepad do you use for all the annotations ?

Nice and helpful 👍🏻
#AaruneticTales

Hi Keith,
I have already my PCNSA and I am currently learning for my PCNSE. It's hard for me to find good courses. Are you going to do a new PCNSE course?

Are you at Cisco Live! this year Keith?

Whenever you come to Mumbai in india would love to host you.

WTH did you just say? WHAT??