Chapter 1. Basics
1.3 SNAT
Learning Objectives
- Configure Source NAT (SNAT)
Prerequisites:
- Security policy for Inside to Outside
- Interface configuration
- Knowledge of previous labs
| Device | Configuration |
|---|---|
| Client | eth0: 10.0.0.2/24 GW: 10.0.0.1 DNS: 8.8.8.8 |
| PaloAlto | Ethernet1/1: 10.0.0.1/24 Ethernet1/2: DHCP Management: 192.168.0.1/24 |
| Management (WebTerm) | eth0: 192.168.0.2/24 |
| Outside (WebTerm) | eth0: DHCP |
| Zone | Interface |
|---|---|
| Inside | Ethernet1/1 |
| Outside | Ethernet1/2 |
SNAT (Source NAT: Access the Internet in Palo Alto)
Under the policies tab, go to NAT, then click Add.
We want to translate the source address of packets going from the Inside zone to the Outside zone to the interface address of ethernet1/2. This is Port Address Translation (PAT overload): many inside hosts share the one outside address and are told apart by source port. Under the General tab, just change the name.
Under the Original Packet tab, click Add and set the source zone to Inside. Set the destination zone to Outside.
Configure these settings under the translated packet tab in the source address translation area:
| Parameter | Value |
|---|---|
| Translation Type | Dynamic IP and Port |
| Address Type | Interface Address |
| Interface | Ethernet1/2 |
| IP Address | None |
Don’t forget to commit!
Check Internet Connectivity on WebTerm
Open WebTerm and navigate to any website of your choosing.
If your desired webpage shows up, you have successfully configured SNAT!
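The same rule entered from the PAN-OS CLI, followed by firewall-side checks, as an added example that is not part of the original lab. The rule name SNAT-Inside-Outside is an assumption (the lab does not name the rule), and lines starting with # are annotations, not commands to type.

```text
# Enter configuration mode on the firewall.
configure

# Original packet: Inside zone to Outside zone, any source, destination and service.
# "SNAT-Inside-Outside" is a hypothetical rule name chosen for this example.
set rulebase nat rules SNAT-Inside-Outside from Inside to Outside source any destination any service any

# Translated packet: Dynamic IP and Port, using the interface address of ethernet1/2.
set rulebase nat rules SNAT-Inside-Outside source-translation dynamic-ip-and-port interface-address interface ethernet1/2

# Nothing takes effect until the candidate configuration is committed.
commit
exit

# Confirm the rule is present in the running NAT policy.
show running nat-policy

# Ask the firewall which NAT rule a flow from the client (10.0.0.2) to 8.8.8.8
# on TCP/443 would match, without generating any traffic.
test nat-policy-match from Inside to Outside source 10.0.0.2 destination 8.8.8.8 protocol 6 destination-port 443

# After browsing from the client, list its sessions to see them in the session table.
show session all filter source 10.0.0.2
```

If the test command reports no matching rule, check that the zone names in the rule match the zones assigned to Ethernet1/1 and Ethernet1/2 and that the commit finished without errors.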