An administrator is trying to understand which NAT policy is being matched.
In what order does the firewall evaluate NAT policies?
An administrator is trying to understand which NAT policy is being matched.
In what order does the firewall evaluate NAT policies?
The firewall evaluates NAT policies in order from top to bottom. Once a packet matches the criteria of a single NAT rule, it is not subjected to additional NAT rules. Therefore, it is important to arrange the NAT rules from the most specific to the least specific.
answer = b You configure a NAT rule to match a packet’s source zone and destination zone, at a minimum. In addition to zones, you can configure matching criteria based on the packet’s destination interface, source and destination address, and service. You can configure multiple NAT rules. The firewall evaluates the rules in order from the top down. Once a packet matches the criteria of a single NAT rule, the packet is not subjected to additional NAT rules. Therefore, your list of NAT rules should be in order from most specific to least specific so that packets are subjected to the most specific rule you created for them. https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-networking-admin/nat/nat-policy-rules/nat-policy-overview
Top down
The firewall evaluates the rules in order from the top down. Once a packet matches the criteria of a single NAT rule, the packet is not subjected to additional NAT rules. Therefore, your list of NAT rules should be in order from most specific to least specific so that packets are subjected to the most specific rule you created for them.