Palo Alto Port Address Translation


Configure Port Address Translation to allow private IP addresses internet access via a shared public address.


Select the Policies tab, then choose NAT from the side menu.

Then click Add,

On the General tab, give the policy a name.

On the Original Packet tab, specify:

  • Source Zone: inside

On the Translated Packet tab, specify:

  • Translation Type: Dynamic Ip and Port (Port Address Translation)

Note: This outside interface address is also a Private IP address, that is provided by the ISP and natted out on the other side to a Public IP address by the ISP router. The concepts taught remain the same.

Now commit the changes.


