In PAN-OS v.9.0.x, why does Destination NAT rule using Dynamic IP in the Pre-NAT rule and Static IP in the Destination Address translation of the Post-NAT rule not work?

In PAN-OS v.9.0.x, why does Destination NAT rule using Dynamic IP in the Pre-NAT rule and Static IP in the Destination Address translation of the Post-NAT rule not work?

12835
Created On 02/07/20 23:22 PM - Last Modified 09/28/20 03:47 AM


Question



Why does Destination NAT rule using Dynamic IP in the Pre-NAT rule and Static IP in the Destination Address translation of the Post-NAT rule not work when  dynamic IP  address changes?

Environment


  • PAN-OS 9.0.x versions
  • Destination Address in DNAT Pre-NAT rule utilizes FQDN (see below)
  • Destination Address in DNAT Translated Packet of Post-NAT rule utilizes a Static IP (see below)
User-added image

Answer


Due to the dynamic nature of the FQDN IP address, this configuration is not supported in 9.0.x versions

Additional Information


For further details, refer to the following article: DESTINATION NAT RULE TRANSLATES TO RANDOM IP
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POcCCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language