Prisma SD-WAN NAT Policies

Where Can I Use This?
  • Prisma SD-WAN
What Do I Need?
  • Prisma SD-WAN license
Prisma SD-WAN supports Network Address Translation (NAT) to translate public and private IP addresses. This ensures privacy of internal networks connected to public or private networks and allows reuse of the same IP address or mapping multiple IP addresses to a single IP address. Use NAT policies to configure a central framework for NAT operations. By default, Prisma SD-WAN provides an out-of-the-box configuration that automatically performs Source NAT on traffic destined directly to public internet interfaces.
You can create a simple NAT stack or an advanced NAT stack. A simple NAT stack has only one NAT policy set, and you can add NAT policy rules directly to it. This simplifies the management of NAT stacks if you do not need the stacking capabilities.
An advanced NAT stack can accommodate a maximum of four policy sets and one default rule policy set. The policy sets in a NAT stack are ordered from left to right, with the left-most policy set having the highest priority. A site evaluates the policy sets in a stack in that order.

NAT Configuration Overview

Before configuring a NAT policy, ensure the following prerequisites are set:
  • NAT Prefixes: These specify the source and/or destination IP address ranges for the NAT rules. They can be either global or local.
  • NAT Zones: These are tied to specific devices and interfaces and identify the source or destination network areas.
  • NAT Pools: These are the pools of IP addresses that the NAT rules will use for address translation. They are linked to devices, interfaces, and IP ranges.
Once the prerequisite configurations are complete, you can proceed to create the NAT configuration components in the following order:
  1. NAT Policy Rule: Each NAT policy set requires a minimum of one NAT policy rule. A rule may include any or all of the following elements:
    1. Match Criteria: This determines when the rule is applied and includes NAT prefixes and NAT zones.
    2. Actions: This defines the NAT pool to be used for address translation.
  2. NAT Policy Sets: Group your NAT policy rules into policy sets. A NAT policy stack must be associated with at least one policy set. An advanced NAT policy stack may be associated with up to four policy sets.
  3. NAT Policy Stacks: Finally, create the NAT policy stack itself. This can be either a simple NAT stack with a single policy set or an advanced NAT stack that can accommodate up to four policy sets plus a default rule policy set.
Refer to the NAT Policy Use Cases to understand various NAT capabilities and to address common scenarios.
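
The prerequisites and stack limits described above can be checked before a NAT plan is entered into the product. The following is an added example, not Palo Alto Networks code: the dictionary layout, field names, and sample object names are hypothetical and do not reflect the Prisma SD-WAN API schema.

```python
# Added example: hypothetical data model, not the Prisma SD-WAN API schema.
MAX_ADVANCED_SETS = 4  # the page: at most four policy sets plus one default rule policy set

def validate_nat_plan(plan):
    """Return a list of problems in a planned NAT configuration (empty list = OK)."""
    problems = []
    known = {"prefix": set(plan["prefixes"]), "zone": set(plan["zones"]),
             "pool": set(plan["pools"])}
    stack = plan["stack"]
    ordered = list(stack["policy_sets"])  # left to right; left-most is highest priority
    if stack["type"] == "simple" and len(ordered) != 1:
        problems.append("simple stack must have exactly one policy set")
    if stack["type"] == "advanced" and not 1 <= len(ordered) <= MAX_ADVANCED_SETS:
        problems.append(f"advanced stack must have 1 to {MAX_ADVANCED_SETS} policy sets")
    default = stack.get("default_rule_policy_set")
    for set_name in ordered + ([default] if default else []):
        rules = plan["policy_sets"].get(set_name)
        if rules is None:
            problems.append(f"{set_name}: policy set is not defined")
            continue
        if not rules:
            problems.append(f"{set_name}: needs at least one NAT policy rule")
        for rule in rules:
            # Every prefix, zone and pool a rule references must already exist.
            refs = [("prefix", p) for p in rule.get("match_prefixes", [])]
            refs += [("zone", z) for z in rule.get("match_zones", [])]
            refs += [("pool", rule["pool"])] if rule.get("pool") else []
            for kind, name in refs:
                if name not in known[kind]:
                    problems.append(f"{set_name}/{rule['name']}: unknown NAT {kind} '{name}'")
    return problems

# Constructed sample plan (all names are made up for illustration).
SAMPLE_PLAN = {
    "prefixes": ["branch-lan"],
    "zones": ["internet", "lan"],
    "pools": ["public-pool-1"],
    "policy_sets": {
        "regional": [{"name": "snat-out", "match_prefixes": ["branch-lan"],
                      "match_zones": ["lan", "internet"], "pool": "public-pool-1"}],
        "site-specific": [{"name": "dnat-web", "match_zones": ["dmz"],
                           "pool": "public-pool-2"}],
        "empty-set": [],
    },
    "stack": {"type": "advanced",
              "policy_sets": ["site-specific", "regional", "empty-set"],
              "default_rule_policy_set": "default-rules"},
}

if __name__ == "__main__":
    for problem in validate_nat_plan(SAMPLE_PLAN):
        print(problem)
```

Problems are reported in stack order, so a finding in the left-most (highest priority) policy set appears first.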
