Default Source NAT
Table of Contents
Default Source NAT
Learn more about the Prisma SD-WAN’s default source NAT.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
By default, Prisma SD-WAN provides an
out-of-the-box configuration that automatically performs Source
NAT on traffic destined directly to public internet interfaces.
| Fields | Description |
|---|---|
| 1 | A new flow source is from Host PC1 with
a source address of 10.10.10.10 and a destination address of 60.60.60.60. |
| 2 | A packet arrives at the ION device’s LAN
Interface. A policy lookup and a path selection decision perform
to put the traffic on the link to ISP A. |
| 3 | Place the packet onto the internet segment;
the Default-NATPolicySet matches against the Default-InternetRule. This
rule contains the following configuration:
In this rule:
Apply
the packet's policy; the source address of 10.10.10.10 overwrites
by the address bound to the Internet Interface (50.50.50.1). The
source port changes to a random port during this operation. In
this example the original packet: (s) 10.10.10.10:12345: (d) 60.60.60.60:443.
Is rewritten to: (s) 50.50.50.1:54321: (d) 60.60.60.60:443. |
| 4 | Traffic arrives at the internet-based SaaS
application. |
| 5 | Traffic returns to the destination of 50.50.50.1:54321. |
| 6 | Traffic arrives at the ION device's internet
interface, where a translation table check is performed on the flow
to ensure that there is an active connection. |
| 7 | Establish the traffic onto the LAN segment;
the destination IP address returns from 50.50.50.1:54321 to 10.10.10.10:12345. |