Thursday, April 19, 2018

Help understanding Palo Alto's NAT terminology

I'm the new/only network guy at a small company of 170 users. Two PA-3020 firewalls in HA, a primary and a backup ISP. I'm trying to understand how the NAT configuration works and what it means.

Screenshot of our NAT policies

Traffic always egresses from ISP-1; we're not doing load balancing to the backup ISP-2. Am I correct in reading this that after the packet is translated out to the internet, the source address could be any of our six public IPs on ISP-1 (we have a /29)?

If my sysadmin wants a public address for one of our web servers, will I need to rewrite these NAT rules to exclude that IP from being part of the NAT pool?

Am I even using the correct terminology here? My only experience with NAT is from my CCNA course; my prior job had an entire /16. So this is my first time working in a NATed environment.