Configuring NAT In Palo Alto Networks’ Next Generation Firewalls
The video shows up very small for the theme that I have; please use the full-screen button on the player. Below are some of the documents I used to help out when I was first learning these methods. Also, feel free to contact me via Twitter or by using the contact form on my about page.
Great video, thanks. I’ve got 1 problem, however, with a NAT rule ‘overshadowing’ error on the ‘commit’. After the entry of my 2nd ‘destination nat’ port forward (1st port fwd works fine) - I have both zones as ‘WAN’ like the video suggests, the ‘Original packet’ ‘destination’ is the same (i.e. my WAN IP address) but for the 2nd port forward, the “translated packet – destination translation” is now the next IP address, i.e. 192.168.1.10 – using port 25 – can you explain why I get the NAT overshadowing error?
Mike
Hi Mike,
This is something that will most likely never go away for you. This warning message just indicates that you have potentially overlapping NAT policies. I receive this on my firewall quite often as well because we have a normal destination NAT rule followed by a U-Turn NAT rule for certain sites, and even though they don’t directly overlap, they are close and it seems as if the firewall wants to let me know that. As long as both of your NAT rules work, I wouldn’t worry about it. If one or both of them don’t work, then let me know and we can do some additional troubleshooting for you.
Thanks for the awesome video. Configuring my first PA firewall and was a little confused at how the IP objects worked. That little sliver of viewing your addresses cleared the whole thing up for me. For single addresses in the IP netmask objects, I was specifying /32, which is what the description made it seem was necessary, and what I’ve been used to configuring on ASAs for a while.
Very helpful, thanks!