NAT
This section describes Network Address Translation (NAT)
and how to configure the firewall for NAT. NAT allows you to translate
private, non-routable IPv4 addresses to one or more globally-routable
IPv4 addresses, thereby conserving an organization’s routable IP
addresses. NAT also lets you avoid disclosing the real IP addresses
of hosts that need access to public addresses, and lets you manage traffic
by performing port forwarding. You can use NAT to solve network
design challenges, enabling networks with identical IP subnets to
communicate with each other. The firewall supports NAT on Layer
3 and virtual wire interfaces.
The NAT64 option translates between IPv6 and IPv4 addresses, providing connectivity
between networks using disparate IP addressing schemes, and therefore
a migration path to IPv6 addressing. IPv6-to-IPv6 Network Prefix
Translation (NPTv6) translates one IPv6 prefix to another IPv6 prefix. PAN-OS supports
all of these functions.
If you use private IP addresses within your internal networks,
you must use NAT to translate the private addresses to public addresses
that can be routed on external networks. In PAN-OS, you create NAT
policy rules that instruct the firewall which packet addresses and
ports need translation and what the translated addresses and ports
are.