Chapter 1. Basics
1.3 SNAT
Learning Objectives
- Configure Source NAT (SNAT)
Prerequisites:
- Security policy for Inside to Outside
- Interface configuration
- Knowledge of previous labs
![Main Scenario](https://opentextbc.ca/wp-content/uploads/sites/445/2022/04/1.png)
Device | Configuration |
---|---|
Client | eth0: 10.0.0.2/24, GW: 10.0.0.1, DNS: 8.8.8.8 |
PaloAlto | Ethernet1/1: 10.0.0.1/24, Ethernet1/2: DHCP, Management: 192.168.0.1/24 |
Management (WebTerm) | eth0: 192.168.0.2/24 |
Outside (WebTerm) | eth0: DHCP |
Zone | Interface |
---|---|
Inside | Ethernet1/1 |
Outside | Ethernet1/2 |
SNAT (Source NAT: Access the Internet in Palo Alto)
Under the Policies tab, go to NAT, then click Add.
![Set a Source NAT](https://opentextbc.ca/wp-content/uploads/sites/445/2023/11/2.jpg)
We want to translate the source address of packets that originate in the Inside zone and are destined for the Outside zone, using the interface address of ethernet1/2. This is Port Address Translation (PAT), also known as NAT overload. Under the General tab, just change the name.
![Set a Name for NAT](https://opentextbc.ca/wp-content/uploads/sites/445/2023/11/3.jpg)
Under the Original Packet tab, click Add, then set the source zone to Inside and the destination zone to Outside.
![Set a Source Zone and Destination Zone for NAT](https://opentextbc.ca/wp-content/uploads/sites/445/2023/11/4.jpg)
Configure these settings under the Translated Packet tab, in the Source Address Translation area:
Parameter | Value |
---|---|
Translation Type | Dynamic IP and Port |
Address Type | Interface Address |
Interface | Ethernet1/2 |
IP Address | None |
![Set a Translated Packet](https://opentextbc.ca/wp-content/uploads/sites/445/2023/11/5.jpg)
Don’t forget to commit!
Check Internet Connectivity on WebTerm
Open WebTerm and navigate to any website of your choosing.
![Verify your connectivity to the Internet](https://opentextbc.ca/wp-content/uploads/sites/445/2023/11/6.jpg)
If your desired webpage showed up, you have successfully configured SNAT!
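To show what the Dynamic IP and Port rule configured above does to traffic, here is a simplified Python model of it, added as an example and not part of the original lab or of PAN-OS. Assumptions: `203.0.113.10` is a constructed stand-in for the DHCP-assigned address of ethernet1/2, `10.0.0.3` is a hypothetical second Inside host, and ports are handed out sequentially from 1024, which is a simplification of how a real firewall allocates them.

```python
from dataclasses import dataclass, field
from itertools import count

# Constructed value: ethernet1/2 is DHCP-addressed in the lab, so this
# documentation-range address stands in for whatever it receives.
OUTSIDE_IF_ADDR = "203.0.113.10"

@dataclass
class DippRule:
    """Toy model of the lab rule: Inside -> Outside, Dynamic IP and Port."""
    src_zone: str = "Inside"
    dst_zone: str = "Outside"
    translated_ip: str = OUTSIDE_IF_ADDR
    _ports: count = field(default_factory=lambda: count(1024))  # assumed allocator
    _fwd: dict = field(default_factory=dict)      # original flow -> translated port
    sessions: dict = field(default_factory=dict)  # reply key -> inside (ip, port)

    def outbound(self, src_zone, dst_zone, proto, src, sport, dst, dport):
        """Return the translated (source ip, source port), or None if no match."""
        if (src_zone, dst_zone) != (self.src_zone, self.dst_zone):
            return None  # rule only matches Inside -> Outside
        flow = (proto, src, sport, dst, dport)
        if flow not in self._fwd:
            port = next(self._ports)
            self._fwd[flow] = port
            self.sessions[(proto, port, dst, dport)] = (src, sport)
        return self.translated_ip, self._fwd[flow]

    def inbound(self, proto, src, sport, dst, dport):
        """Reverse-translate a reply; None means no session exists for it."""
        if dst != self.translated_ip:
            return None
        return self.sessions.get((proto, dport, src, sport))

def demo():
    nat = DippRule()
    # Two inside hosts use the same source port toward the same server.
    a = nat.outbound("Inside", "Outside", "tcp", "10.0.0.2", 51000, "8.8.8.8", 53)
    b = nat.outbound("Inside", "Outside", "tcp", "10.0.0.3", 51000, "8.8.8.8", 53)
    # The server's reply to the first flow maps back to the client.
    reply = nat.inbound("tcp", "8.8.8.8", 53, OUTSIDE_IF_ADDR, a[1])
    # A packet from an unrelated host to the same port has no session.
    unsolicited = nat.inbound("tcp", "198.51.100.7", 4444, OUTSIDE_IF_ADDR, a[1])
    return a, b, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```

Both hosts leave with the same source address but different source ports, and only traffic that matches an existing session is translated back to an Inside address.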