NAT Translated Packet Tab
- Policy > NAT > Translated Packet
Select the Translated Packet tab to determine, for Source Address Translation, the type of translation to perform on the source, and the address and/or port to which the source will be translated.
You can also enable Destination Address Translation for an internal host that needs to be accessed by a public IP address. In this case, you define a public source address and destination address in the Original Packet tab for an internal host, and in the Translated Packet tab you enable Destination Address Translation and enter the Translated Address. When the public address is accessed, it will be translated to the internal (destination) address of the internal host.
NAT Rule - Translated Packet Settings
Source Address Translation
Select the Translation Type (dynamic or static address pool), and enter an IP address or address range (address1-address2) that the source address is translated to (Translated Address). The size of the address range is limited by the type of address pool:
(Optional) Enable bidirectional translation if you want the firewall to create a corresponding translation (NAT or NPTv6) in the opposite direction of the translation you configure.
If you enable bidirectional translation, you must ensure that you have security policies in place to control the traffic in both directions. Without such policies, the bidirectional feature allows packets to be translated automatically in both directions.
Destination Address Translation
Enter an IP address or range of IP addresses and a translated port number (1-65535) to which the destination address and port number are translated. If the Translated Port field is blank, the destination port is not changed. Destination translation is typically used to allow an internal server, such as an email server, to be accessed from the public network.
For NPTv6, the prefixes configured for Destination prefix Translated Address must be in the format xxxx:xxxx::/yy. The address cannot have an interface identifier (host) portion defined. The range of supported prefix lengths is /32 to /64.
Translated Port is not supported for NPTv6 because NPTv6 is strictly prefix translation. The Port and Host address section is simply forwarded unchanged.
Source NAT Source NAT is typically used by internal users to access the Internet; the source address is translated and thereby kept private. There are ...
The NPTv6 Translation in NPTv6 Example
The NPTv6 Translation in NPTv6 Example In this example, the Original Packet is configured with a Source Address of FDD4:7A3E::0 and a Destination of Any ...
NAT This section describes Network Address Translation (NAT) and how to configure the firewall for NAT. NAT allows you to translate private, non-routable IPv4 addresses ...
Source and Destination NAT Example
Source and Destination NAT Example In this example, NAT rules translate both the source and destination IP address of packets between the clients and the ...
Destination NAT Destination NAT is performed on incoming packets when the firewall translates a destination address to a different destination address; for example, it translates ...
Create an NPTv6 Policy
Create an NPTv6 Policy Perform this task when you want to configure a NAT NPTv6 policy to translate one IPv6 prefix to another IPv6 prefix. ...
Policies > NAT
Policies > NAT If you define Layer 3 interfaces on the firewall, you can configure a Network Address Translation (NAT) policy to specify whether source ...
Translate Internal Client IP Addresses to Your Public IP Ad...
Translate Internal Client IP Addresses to Your Public IP Address (Source DIPP NAT) When a client on your internal network sends a request, the source ...
How NPTv6 Works
How NPTv6 Works When you configure a policy for NPTv6, the Palo Alto Networks firewall performs a static, one-to-one IPv6 translation in both directions. The ...