When a client on your internal network sends a request, the source address in the
packet contains the IP address for the client on your internal network. If you use
private IP address ranges internally, the packets from the client will not be able
to be routed on the Internet unless you translate the source IP address in the
packets leaving the network into a publicly routable address.
On the firewall you can do this by configuring a source NAT policy that translates
the source address (and optionally the port) into a public address. One way to do
this is to translate the source address for all packets to the egress interface on
your firewall, as shown in the following procedure.
This task covers regular DIPP, and this task also includes
the step to enable persistent NAT for DIPP in PAN-OS 11.1.0 and earlier releases.
To enable persistent NAT for DIPP in
PAN-OS 11.1.1 and later releases, Create a Source NAT Rule with Persistent DIPP.