Using NATGW for Centralized Internet Outbound
Topology Initial Config (No NATGW) Testing: (for testing I’m using curl from the internal VM towards another VM running in a different cloud provider running NGIX) NATGW Once a NATGW is attached to the firewall eth1/1 interface subnet, the NATGW takes precedence: Testing: PIP can disassociate for egress only case Adding Multiple Private IPs The advantage of specifying the interface in the NAT rule is that the NAT rule will be automatically updated to use any address subsequently acquired by the interface. DIPP is sometimes referred to as interface-based NAT or network address port translation (NAPT). References https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/nat/source-nat-and-destination-nat/source-nat https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/nat/dynamic-ip-and-port-nat-oversubscription#id2a358bd4-94c0-4976-a681-dad3845f8174 Continue reading Using NATGW for Centralized Internet Outbound