{"id":1144,"date":"2023-08-23T21:08:23","date_gmt":"2023-08-23T18:08:23","guid":{"rendered":"https:\/\/as7ablog.com\/kinan\/?p=1144"},"modified":"2023-08-24T00:55:08","modified_gmt":"2023-08-23T21:55:08","slug":"publish-service-through-paloalto-fw","status":"publish","type":"post","link":"http:\/\/as7ablog.com\/kinan\/?p=1144","title":{"rendered":"Publish Service Through Palo Alto FW"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\" dir=\"ltr\">Yes, I know, it&#8217;s everywhere on the net, but I still need to put it in the shortest format as a reference for myself and &#8220;maybe&#8221; others.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" dir=\"ltr\">The scenario is a Palo Alto NGFW with two interfaces, one connected to the public network and one connected to the DMZ or internal network.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" dir=\"ltr\">Under the &#8220;Security&#8221; policies, the source zone is always the <strong>external<\/strong> one, and the source addresses are either wildcard\/country\/specific; on the destination side, however, the zone will be <strong>DMZ<\/strong> but the address will be the <span style=\"text-decoration: underline\">external IP address<\/span> on which you&#8217;re expecting to receive the traffic. Services running on the firewall itself are exceptions, as the destination zone would be external as well.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" dir=\"ltr\">Under the &#8220;NAT&#8221; policies it is simple. Both the source and destination zones would be the <strong>external<\/strong> one. As for the address, it will be the same as in the security policy, with the proper destination translation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\" dir=\"ltr\">HTH,<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yes, I know, it&#8217;s everywhere on the net, but I still need to put it in the shortest format as a reference for myself and &#8220;maybe&#8221; others. The scenario is a Palo Alto NGFW with two interfaces, one connected to the public network and one connected to the DMZ or internal network. 
Under the &#8220;Security&#8221; policies, source zone is always [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[4],"tags":[30,77],"class_list":["post-1144","post","type-post","status-publish","format-standard","hentry","category-4","tag-firewalls","tag-paloalto"],"_links":{"self":[{"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=\/wp\/v2\/posts\/1144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1144"}],"version-history":[{"count":2,"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=\/wp\/v2\/posts\/1144\/revisions"}],"predecessor-version":[{"id":1146,"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=\/wp\/v2\/posts\/1144\/revisions\/1146"}],"wp:attachment":[{"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1144"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/as7ablog.com\/kinan\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}