Thank you for the detailed explanation. Very useful for my scenario. I have a website that can be reached by internal users on wifi trust network through internal DNS. External users can reach the website through destination NAT, but internal users on our guest wifi cannot reach the website externally, because it gets assigned external DNS and the firewall doesn't know how to handle the traffic, so it gets dropped. I will be configuring U-turn NAT for guest wifi, so untrusted devices don't query our internal DNS and reach via U-turn policy.

Way of teaching is very good, thank you for nice content

Very informative, simple and crispy. thank you😀

Hi Bikash, your videos very informative. Just a small request if you can share these eve-ng labs also we can export and work on the same topology. Can you please upload videos for troubleshooting App-ID, content ID, routing and other topics with real world scenarios? Also, waiting for your video on VPN with same subnets. Thanks

Very well explained

Hlo in interview asked me that if you do not get any traffic logs so how you troubleshoot that what could be the reasons we are not getting any traffic logs

I have a doubt, why we need NAT for internal traffic from inside to DMZ. The source nat mapping happens from private to private which can be achieed simply by creating policy?

Hi Bikash, thank you so much for giving us so beautiful concept of palo alto... I really appreciate it.. I have a qstn, wot will be the dns and natting resolution if the webserver have public IP taken from an IP pool, I mean if the public dns has mapping with sever domain with the same public ip which is assigned to the web server.. please answer keeping internal dns is not in the private network...

Bikash, if possible share config of both rouetrs also will be very helpful in doing the lab

Is it similar to the concept of TWICE NAT or DOCTORING in CISCO ASA ?

very informative

Hi Bikash Sir , great video but i have a stupid doubt in the video you said the src traffic 10.1.1.1. goes to the server on its public IP 20.1.1.50 which will be NAted to server Private IP - 192.168.1.1 But my doubt is , wont the source IP also be NATTEd to the Fw public Interface to reach th public IP - 20.1.1.50 and hence the retrun traffic will be towards the FW public Interface (which was the NATTed IP for 10.1.1.1 - or any othe NAT that is used for private inside Ips to go to internet) Thanks for these videos , they are really helpful to us

Greetings from Sadat, Sorry for wondering you Bikash's Tech, If you don't mind please make a complete video on EVE-NG installation and set up all the prerequisites for the Palo Alto Lab. Study2Master

good job

why eth1/3 should not be DMZ zone in NAT configuration ?

Sir, can you start vpn on palo alto firewall. I never understood how make a tunnel in palo alto as well as asa. ASA i have to study amy thing ... Bt palo alto i already have basic knowledge to understand

Can just share the DNS Router configuration it will be really helpful

Hi, could you please do video for palo alto d nat from outside to inside please..

Hi Bikash, does unat applies to traffic coming from outside to dmz or it’s just dnat applies here? I have understood from inside to dmz for external dns server but bit confused for outside to dmz.

Hi Sir, is it U Turn an exceptional case ? means , if we have internal DNS Server configured , then internal users can directly connect with internal server without need of public ip?

This is only for source NAT not for DNAT. Correct me if wrong.

for this u turn nat you mean source is pc dest is webserver outside ip (so pc without natting going out with its lan ip?) then hitting wan ip of server then going to 192.168.1.1 source ip lan can go out without nat? and return is directly going from dmz to in ? where is unnat happening first , bro is there any other video of you on this?

Can i configure U-trun NAT with two public ip addresses ?

kinldy do DNS sinkholing Video

how is the packet flow? pc going out to DNS then coming back to GlobalIP which is forwarding to DMZ?

Sir can you please mention here what ip is 192.x.x.1 and 192.x.x.10....juta need to know which interface and server ip is this....I think there will be one ip that is 192.168.1.1 that's the internal dmz server..so what is 1.10 coming frm please clear me

Itna confuse kr dya ki kya btau