What is the maximum number of NAT sessions per IP?

Created On 09/25/18 17:46 PM - Last Modified 06/13/23 02:58 AM


Resolution


Overview

In theory, each source IP can handle 64K sessions.

Taking the destination IP address into consideration increases the number of NAT sessions per IP. The destination IP is hashed and placed in a "bucket". In the PAN device, there are "N" buckets of 64K ports each. "N" is 2 for PA-2000, 4 for PA-4020 and 8 for PA-4050/4060.

This is per IP. The NAT supports 16 million simultaneous translations. A single IP address can be source/destination hashed as described, resulting in a potential total of "N times 64K" translations, provided that the destination IPs are not the same.

For example, on a PA-4050, a single public IP address can NAT up to 512K (where N=8) translations behind it, as long as the destination IP addresses are not the same.
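The following is an added example, not code from the original article or from Palo Alto Networks. It models the bucket scheme described above for one public IP, to show how destination diversity changes the session ceiling when planning NAT capacity. The modulo hash, the `NatIpPool` class and the helper names are assumptions, because the article does not describe the device's actual hash.

```python
import ipaddress
from functools import lru_cache

PORTS_PER_BUCKET = 64 * 1024  # the article's "64K" ports per bucket
BUCKETS = {"PA-2000": 2, "PA-4020": 4, "PA-4050": 8, "PA-4060": 8}  # N, per the article


@lru_cache(maxsize=None)
def bucket_for(dst_ip, n_buckets):
    # Assumption: integer value modulo N stands in for the device's real
    # destination hash, which the article does not describe.
    return int(ipaddress.ip_address(dst_ip)) % n_buckets


class NatIpPool:
    """Translations available behind ONE public IP, split into N buckets."""

    def __init__(self, model):
        self.n = BUCKETS[model]
        self.used = [0] * self.n  # ports consumed in each bucket

    def allocate(self, dst_ip):
        """Reserve a port for a session to dst_ip; False if its bucket is full."""
        b = bucket_for(dst_ip, self.n)
        if self.used[b] >= PORTS_PER_BUCKET:
            return False
        self.used[b] += 1
        return True


def max_sessions(model, destinations, attempts):
    """Offer `attempts` sessions round-robin over destinations; count successes."""
    pool = NatIpPool(model)
    return sum(pool.allocate(destinations[i % len(destinations)])
               for i in range(attempts))


if __name__ == "__main__":
    # Constructed destinations from the documentation range 198.51.100.0/24.
    same = ["198.51.100.7"]
    spread = [f"198.51.100.{i}" for i in range(256)]
    collide = ["198.51.100.1", "198.51.100.9"]  # distinct IPs, same bucket in this model
    print(max_sessions("PA-4050", same, 600_000))     # 65536
    print(max_sessions("PA-4050", spread, 600_000))   # 524288
    print(max_sessions("PA-4050", collide, 600_000))  # 65536
    print(max_sessions("PA-2000", spread, 600_000))   # 131072
```

In this model, sessions to one destination stop at 64K, while destinations spread across every bucket reach the full "N times 64K" figure. Two different destinations that hash to the same bucket still share a single 64K range.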

owner: snisar


