- The firewall evaluates the rules in order from the top down.
- Static NAT rules do not have precedence over other forms of NAT.
- Upon ingress, the firewall inspects the packet and does a route lookup to determine the egress interface and zone. Then the firewall determines if the packet matches one of the NAT rules that have been defined, based on source and/or destination zone. It then evaluates and applies any security policies that match the packet based on the original (pre-NAT) source and destination addresses, but the post-NAT zones. Finally, upon egress, for a matching NAT rule, the firewall translates the source and/or destination address and port numbers.
- FW supports NAT also on Vwire interfaces.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/nat-policy-rules/nat-policy-overview
A and D are true as below:
1. The NAT rules are processed first, before the security rules
(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVHCA0)
2. The NAT rules are processed from the top down
(https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/nat/nat-policy-rules/nat-policy-overview)
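
The evaluation order described in the comments above (NAT rules matched top down before the security policy, the policy checked against the pre-NAT address but the post-NAT zone, translation applied on egress) can be modeled as follows. This is an added example, not part of the original comments and not Palo Alto code: it covers destination NAT only, and the zones, addresses and rule names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst: str             # destination network the rule matches
    action: str = ""     # security rules only: "allow" or "deny"
    dnat_to: str = ""    # NAT rules only: translated destination address

# Constructed sample data (documentation address ranges, hypothetical rule names).
ROUTES = [("203.0.113.0/24", "untrust"), ("10.1.1.0/24", "dmz")]
NAT = [Rule("dnat-web", "untrust", "untrust", "203.0.113.10/32", dnat_to="10.1.1.10"),
       Rule("dnat-any", "untrust", "untrust", "203.0.113.0/24", dnat_to="10.1.1.99")]
SEC = [Rule("wrong-post-nat-addr", "untrust", "dmz", "10.1.1.10/32", action="allow"),
       Rule("allow-web", "untrust", "dmz", "203.0.113.10/32", action="allow")]

def zone_of(ip):
    """Route lookup: zone of the interface that routes to this address."""
    return next(z for net, z in ROUTES if ip_address(ip) in ip_network(net))

def first_match(rules, src_zone, dst_zone, dst_ip):
    """Evaluate rules top down and return the first match, or None."""
    for r in rules:
        if (r.src_zone, r.dst_zone) == (src_zone, dst_zone) \
                and ip_address(dst_ip) in ip_network(r.dst):
            return r
    return None

def process(src_zone, dst_ip, nat_rules, sec_rules):
    """Return (verdict, translated destination or None, security rule name)."""
    # 1. Ingress route lookup on the original destination.
    pre_zone = zone_of(dst_ip)
    # 2. NAT rule match on the original zones and address; nothing is rewritten yet.
    nat = first_match(nat_rules, src_zone, pre_zone, dst_ip)
    post_ip = nat.dnat_to if nat else dst_ip
    # 3. Post-NAT zone: route lookup on the translated destination.
    post_zone = zone_of(post_ip)
    # 4. Security policy: pre-NAT address, post-NAT zone.
    sec = first_match(sec_rules, src_zone, post_zone, dst_ip)
    if sec is None:  # default rules: intrazone allowed, interzone denied
        return ("allow", post_ip, "intrazone-default") if src_zone == post_zone \
            else ("deny", None, "interzone-default")
    # 5. Translation is applied on egress, only to permitted traffic.
    return sec.action, (post_ip if sec.action == "allow" else None), sec.name

if __name__ == "__main__":
    print(process("untrust", "203.0.113.10", NAT, SEC))
```

The security rule written against the translated address (`wrong-post-nat-addr`) never matches, which is the usual reason a destination NAT rule appears to work while the traffic is still dropped by policy.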