How do I configure the destination NAT policy in Prisma SDWAN?

How do I configure the destination NAT policy in Prisma SDWAN?

17467
Created On 10/30/20 16:28 PM - Last Modified 01/17/25 02:27 AM


Question


  • How to configure destination NAT policy CloudGenix?

Environment


  • Prisma SDWAN

    A server inside the Branch needs to be accessible from user with the following requirements: 

    Internal Server 1 needs to be accessed via SSH from the internet.
    Server 1 has an internal IP address of 192.168.22.1.
    Server 1 will have an external (NAT) IP address of 200.20.0.5.
    ION/CloudGenix device has an external IP address of 200.20.0.1.

    1

Answer


1. First make sure to configure the following;

NAT prefixes: BR1_L3_Switch_External
NAT zones: L3_External_NAT_Zone
NAT pools: 192_168_22_1   

2. NAT Policy 

Set to BR1_External_Switch_NAT
Source or Destination NAT:

  • Describes where the traffic is coming from
  • Set to Source

NAT Zone:

  • Set to L3_External_NAT_Zone

2


Match Criteria

The following is configured under the Match Criteria tab:

Protocol:

  • Set to TCP for this use case

Destination:

  • Describes the IP address that the traffic is coming from for the point of view of NAT
  • Set to BR1_L3_Switch_External

Port Ranges:

  • Set to 22 for SSH

3

Actions

Action #1:

  • This is can be thought of as the verb on the action.
  • Set to Destination NAT

NAT Pool:

  • This is the IP address that the verb will take action on and NAT to.
  • Set to 192_168_22_1

4
3. Finally, the NAT policy must be bound to an interface

5

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBQpCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language