Default Source NAT
Table of Contents
Default Source NAT
Learn more about the
Prisma SD-WAN
’s default source NAT.By default,
Prisma SD-WAN
provides an
out-of-the-box configuration that automatically performs Source
NAT on traffic destined directly to public internet interfaces.
Fields | Description |
|---|---|
1 | A new flow source is from Host PC1 with
a source address of 10.10.10.10 and a destination address of 60.60.60.60. |
2 | A packet arrives at the ION device’s LAN
Interface. A policy lookup and a path selection decision perform
to put the traffic on the link to ISP A. |
3 | Place the packet onto the internet segment;
the Default-NATPolicySet matches against the Default-InternetRule. This
rule contains the following configuration:
In this rule:
Apply
the packet's policy; the source address of 10.10.10.10 overwrites
by the address bound to the Internet Interface (50.50.50.1). The
source port changes to a random port during this operation. In
this example the original packet: (s) 10.10.10.10:12345: (d) 60.60.60.60:443.
Is rewritten to: (s) 50.50.50.1:54321: (d) 60.60.60.60:443. |
4 | Traffic arrives at the internet-based SaaS
application. |
5 | Traffic returns to the destination of 50.50.50.1:54321. |
6 | Traffic arrives at the ION device's internet
interface, where a translation table check is performed on the flow
to ensure that there is an active connection. |
7 | Establish the traffic onto the LAN segment;
the destination IP address returns from 50.50.50.1:54321 to 10.10.10.10:12345. |