First things first, this video is AWESOME! Thank you for taking the time to make it. I did, however, struggle using 1 IP to multiple inside addresses and ports, so I figured I would post a little more info below. I would like to add the following information for destination NAT rules from one public IP to multiple DMZ IP addresses/ports. In order for that to work right, you must specify the original packet destination service for each NAT. For example, if you are running a web service on one server, you would specify 443, then translate to your web server inside. If you had an email server you would specify 25, then translate that to a different server on the inside. If you are doing a different outside port you can specify that on the Original Packet tab, then on the Translated Packet tab specify the correct inside port. For example, you can run a web server on 18443, but have it translate to 443 on the inside. Thank you again for posting this video.
@KeithBarker 4 months ago
Thank you @jasontemple4407!
@zeyadal-qoubatty3025 1 year ago
Here we go with one of my top IT leaders of all time 🙋‍♂️. Subscribing with all gladness. And thanks for the dest NAT video tutorial 💯
@troysipple2591 1 year ago
That portion with the destination zone for NAT would have got me. I had to watch the video a few times to understand what you were saying.
@KeithBarker 1 year ago
Thank you Troy Sipple!
@tariqmalik4859 3 months ago
I just came across this video. Great job!
@KeithBarker 1 month ago
Thank you @tariqmalik4859!
@rockinron5113 3 months ago
Nice one Keith. Cheers.
@KeithBarker 3 months ago
Thank you @rockinron5113!
@adityaprasaddash2221 1 year ago
Sir, please make one video for U-turn NAT.
@RaajMagdum 1 year ago
Thank you very much, it works for me.
@KeithBarker 1 year ago
Glad to hear that
@joejoe2452 1 year ago
What happened to this series? It's been 4 months? Appreciate it, Keith. Please continue with this series.
@KeithBarker 1 year ago
Thank you for the question @joejoe2452. I completed the series for Palo Alto that I intended to create here on KZbin.
@mehulpruthi 1 year ago
Please upload the Part-12 of the Palo Alto Networks Firewall: 0-60 series
@KeithBarker 1 year ago
Thank you Mehul! I don't have a part 12 yet. Do you have a recommendation of what other content you would want for a part 12, part 13, etc???
@nersesavakyan5760 1 year ago
Great video. What about configuring a reverse proxy in PA?
@ICEMAN_96 1 year ago
Awesome video Keith! Do you outline your videos before you film them or do you perform them off the cuff?
@nub407 1 year ago
Are you at Cisco Live! this year Keith?
@KeithBarker 1 year ago
Yes! Will be at town hall square #2 at 1pm on Tuesday. :) Would love to say hello if you are available.
@nub407 1 year ago
I missed you today. Around tomorrow?
@KeithBarker 1 year ago
@nub407 I will be at the Cisco Event at the Allegiant Stadium (Wed) for the first hour (till around 8:30). You can DM me through the Cisco App if you are there around that time, and I would love to say hello.
@RaiderFanDanTheMan 3 months ago
Ah! Static NAT!
@jasonmabry1877 1 year ago
Thanks for the videos Keith. It is really helping me as a noob with no training on my new pair of 440s. I have to set up some NATs on an IPsec tunnel and am confused on how to implement source or destination NATs. Is the only difference the zones? On my tunnels, I am using a l2vpn zone as opposed to outside. Are the zones the only thing that would differ when doing NAT with an IPsec tunnel?
@DomAndHeatherEVTravel 9 months ago
Hi Keith. Thanks very much for the helpful video. Can you help me understand if the security policy relies on a Pre-NAT IP and a Post-NAT Zone because of the way that packets flow through a Palo Alto firewall? If so, is this common of other modern NGFW devices? Cheers!
@KeithBarker 8 months ago
Thank you for the question @TheDrshoe28. This is a bit unique, configuration wise on the PA NGFW. Here is a copy/paste of a response I made earlier today, regarding DNAT and NAT + Security policy rules:
For the destination NAT and Security policy rules using the following:
real server:
Zone: DMZ
IP: 10.30.0.100
DNAT RULE:
DNAT for benefit of users coming in from:
Zone: Outside
to DNAT IP of 23.1.2.100
For the NAT policy rule:
Original Packet
Source Zone: Outside
Dest Zone: Outside
IP: 23.1.2.100
Translated Packet for DNAT
10.30.0.100
Security Rule allowing incoming traffic:
Source Zone: Outside (Where clients are connecting from)
Destination Zone: DMZ (Zone where server really is)
Destination IP: 23.1.2.100 (Pre DNAT IP)
Hope that is useful.
@abmanyasar 1 year ago
Good video! Quick question: what writing digital notepad do you use for all the annotations?
@KeithBarker 1 year ago
Thank you for the question abman yasar. I use Epic Pen.
@umarali53 4 months ago
We have an IPsec tunnel to the client. They want to access our internal server. We provided them the public IP address. We allowed the security policies (from zone VPN to our DMZ on ports xxx allow). We also added the proxies in the IPsec tunnel and also added the route to their network. Now I am confused that we didn't configure any type of NAT in this case. Could you please explain why it is so? Thanks in advance.
@tekx7841 1 year ago
Hi Keith, I have already my PCNSA and I am currently learning for my PCNSE. It's hard for me to find good courses. Are you going to do a new PCNSE course?
@KeithBarker 1 year ago
Thank you for the question TeKx. There is a new PCNSE course on CBTNuggets site right now. I just finished creating it a few months ago. There is also a new Palo Alto playlist here on KZbin: kzbin.info/aero/PLQQoSBmrXmrw6njwWXSIOiWZE7La8PA5P
@jonathanc8879 9 months ago
The way I understand it: The Destination Zone is where the host lives, the Destination Address is the virtual IP.
@jonathanc8879 9 months ago
Destination IP is the virtual IP rather than the host's IP.
@KeithBarker 8 months ago
Thank you @jonathanc8879!
For the destination NAT and Security policy rules using the following:
real server:
Zone: DMZ
IP: 10.30.0.100
DNAT RULE:
DNAT for benefit of users coming in from:
Zone: Outside
to DNAT IP of 23.1.2.100
For the NAT policy rule:
Original Packet
Source Zone: Outside
Dest Zone: Outside
IP: 23.1.2.100
Translated Packet for DNAT
10.30.0.100
Security Rule allowing incoming traffic:
Source Zone: Outside (Where clients are connecting from)
Destination Zone: DMZ (Zone where server really is)
Destination IP: 23.1.2.100 (Pre DNAT IP)
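[Added example, not part of the comment thread and not PAN-OS code: a simplified Python model of the lookup order described in the replies above (NAT rule matched on pre-NAT zones, security rule matched on pre-NAT IP and post-NAT zone), combined with the per-service DNAT from the first comment. The /24 prefixes, the mail server 10.30.0.101 and the function names are assumptions made for the illustration.]

```python
import ipaddress

# Addresses 23.1.2.100 / 10.30.0.100 and the zone names are from the thread.
# The /24 prefixes and the mail server 10.30.0.101 are constructed.
ROUTES = [("23.1.2.0/24", "Outside"), ("10.30.0.0/24", "DMZ")]

# NAT rules: (src zone, dst zone, dst IP, dst port, translated (IP, port)).
# Dest zone is Outside because the public IP routes to the outside interface.
NAT_RULES = [
    ("Outside", "Outside", "23.1.2.100", 443, ("10.30.0.100", 443)),
    ("Outside", "Outside", "23.1.2.100", 25, ("10.30.0.101", 25)),
    ("Outside", "Outside", "23.1.2.100", 18443, ("10.30.0.100", 443)),
]

# Security rules: (src zone, post-NAT dst zone, pre-NAT dst IP).
SECURITY_RULES = {("Outside", "DMZ", "23.1.2.100")}


def zone_for(ip):
    """Route lookup: return the zone whose prefix contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for prefix, zone in ROUTES:
        if addr in ipaddress.ip_network(prefix):
            return zone
    return None


def evaluate(src_zone, dst_ip, dst_port, security_rules=SECURITY_RULES):
    """Walk one inbound packet through NAT lookup, then security policy."""
    # 1. NAT rule match uses the zone of the ORIGINAL destination address.
    nat_zone = zone_for(dst_ip)
    key = (src_zone, nat_zone, dst_ip, dst_port)
    xlate = next((r[4] for r in NAT_RULES if r[:4] == key), None)
    # 2. A second route lookup on the translated address gives the zone
    #    the packet will actually leave through.
    policy_zone = zone_for(xlate[0]) if xlate else nat_zone
    # 3. Security policy: post-NAT zone, but still the pre-NAT address.
    allowed = (src_zone, policy_zone, dst_ip) in security_rules
    # 4. The address is rewritten only for traffic the policy allowed.
    target = (xlate or (dst_ip, dst_port)) if allowed else None
    return {"nat_dst_zone": nat_zone, "policy_dst_zone": policy_zone,
            "allowed": allowed, "forward_to": target}


if __name__ == "__main__":
    for port in (443, 25, 18443, 22):
        print(port, evaluate("Outside", "23.1.2.100", port))
```

[Passing a security rule written with the server's real address, such as ("Outside", "DMZ", "10.30.0.100"), makes the same packet come back as not allowed, which is the mistake the Pre DNAT IP note guards against.]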
@yamunaprajapati2241 1 year ago
Nice and helpful 👍🏻 #AaruneticTales
@altafkhan1222 1 year ago
Whenever you come to Mumbai in India, would love to host you.