SNAT
Source NAT (SNAT) in Palo Alto Firewall – Real Packet Flow Explained

Many engineers know what SNAT is, but understanding the real packet flow makes you truly enterprise-ready.

What is Source NAT (SNAT)?
Source NAT changes the source IP address of outbound traffic so private internal networks can communicate with external networks like the internet or cloud.
Real Enterprise Example
Internal User:
• IP: 10.X.X.X (Trust Zone)
Firewall Public IP:
• 203.X.X.X
External Website:
• 12.X.X.X (Untrust Zone)
Packet Flow in Source NAT (Step-by-Step)

Step 1 – User Sends Traffic
A user inside the company opens an HTTPS website.
Traffic generated:
• Source IP: 10.X.X.X
• Destination IP: 12.X.X.X
Step 2 – Traffic Reaches Palo Alto Firewall
The firewall checks the NAT rulebase and finds the matching Source NAT policy for outbound internet traffic.
Step 3 – Source IP Translation Happens
The firewall replaces the private IP with its public IP.
• Source IP becomes: 203.X.X.X
• Destination IP remains: 12.X.X.X
When multiple users share one public IP, the firewall also rewrites the source port so that every session stays unique on the outside; this is called Port Address Translation (PAT).

Step 4 – Traffic Goes to the Internet
The external website sees the request coming from 203.X.X.X.
The internal IP (10.X.X.X) is completely hidden.
Step 5 – Return Traffic Comes Back
The website sends the response back to 203.X.X.X.
The firewall checks its session table and finds the session it created in Step 3; return traffic that matches no existing session is dropped.

Step 6 – Reverse NAT (Automatic)
The firewall maps the traffic back to the original internal user:
• Destination IP converted back to 10.X.X.X
The user receives the response without knowing NAT happened.
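The six steps above, as an added example that is not part of the original post: a small Python model of the firewall's session table that performs the outbound IP-and-port translation, reverses it on the reply, and drops inbound packets with no matching session. All addresses and ports are constructed sample values from the documentation ranges, and the session-table layout is a simplification assumed for illustration, not Palo Alto's actual implementation.

```python
# Added example (not from the post): a minimal Source NAT / PAT session table
# that follows the packet flow described above. Addresses are constructed
# sample values (RFC 5737 documentation ranges), not real hosts.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.10"  # constructed firewall public IP on the Untrust side


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class SourceNat:
    """Dynamic IP-and-port translation (PAT) with automatic reverse NAT."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        # (public_port, proto, remote_ip, remote_port) -> (original_src_ip, original_src_port)
        self.sessions: Dict[Tuple[int, str, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Step 3: replace the private source with the public IP and a unique port."""
        if self.next_port > self.last_port:
            # Failure mode of PAT: too many concurrent sessions behind one public IP.
            raise RuntimeError("PAT port pool exhausted")
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(public_port, pkt.proto, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Steps 5-6: look up the session table and restore the original destination."""
        key = (pkt.dst_port, pkt.proto, pkt.src_ip, pkt.src_port)
        match = self.sessions.get(key)
        if pkt.dst_ip != self.public_ip or match is None:
            return None  # no session: unsolicited inbound traffic is dropped
        orig_ip, orig_port = match
        return Packet(pkt.src_ip, pkt.src_port, orig_ip, orig_port, pkt.proto)
```

Two internal hosts using the same source port get different public ports, so each reply is routed back to the right host; a packet to the public IP that matches no session returns None.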
Why Source NAT is Critical in Enterprises
• Enables private networks to access the internet and cloud
• Hides internal IP architecture from external parties
• Saves public IP addresses using PAT
• Required for compliance, logging, and security control
