Disable NAT for a Specific Host or Interface
Table of Contents
Expand All
|
Collapse All
Next-Generation Firewall Docs
-
-
- Cloud Management of NGFWs
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
- PAN-OS 9.1 (EoL)
-
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1 & Later
-
-
- Cloud Management and AIOps for NGFW
- PAN-OS 10.0 (EoL)
- PAN-OS 10.1
- PAN-OS 10.2
- PAN-OS 11.0
- PAN-OS 11.1
- PAN-OS 11.2
- PAN-OS 8.1 (EoL)
- PAN-OS 9.0 (EoL)
- PAN-OS 9.1 (EoL)
Disable NAT for a Specific Host or Interface
Both source NAT and destination NAT rules
can be configured to disable address translation. You may have exceptions
where you do not want NAT to occur for a certain host in a subnet
or for traffic exiting a specific interface. The following procedure
shows how to disable source NAT for a host.
- Create the NAT policy.
- Select PoliciesNAT and click Add a descriptive Name for the policy.On the Original Packet tab, select the zone you created for your internal network in the Source Zone section (click Add and then select the zone) and the zone you created for the external network from the Destination Zone list.For Source Address, click Add and enter the host address. Click OK.On the Translated Packet tab, select None from the Translation Type list in the Source Address Translation section of the screen.Click OK.Commit your changes.Click Commit.NAT rules are processed in order from the top to the bottom, so place the NAT exemption policy before other NAT policies to ensure it is processed before an address translation occurs for the sources you want to exempt.