Tag Archives: NAT

Policy-Based Routing (PBR) on a Juniper ScreenOS Firewall

Here comes an example on how to configure policy-based routing (PBR) on a Juniper ScreenOS firewall. The requirement at the customers site was to forward all http and https connections through a cheap but fast DSL Internet connection while the business relevant applications (mail, VoIP, ftp, …) should rely on the reliable ISP connection with static IPv4 addresses. I am showing the five relevant menus to configure PBR on the ScreenOS GUI.

[UPDATE] I later on wrote an article with policy-based routing with two different virtual routers. See it here.[/UPDATE]

Continue reading Policy-Based Routing (PBR) on a Juniper ScreenOS Firewall

Policy Based Forwarding (PBF) on a Palo Alto Firewall

This is a small example of how to configure policy based forwarding (PBF) on a Palo Alto Networks firewall. The use case was to route all user generated http and https traffic through a cheap ADSL connection while all other business traffic is routed as normal through the better SDSL connection. Since I ran into two problems with this simple scenario, I am showing the solutions here.

[UPDATE] I also wrote an article about policy based forwarding with two different virtual routers on the Palo Alto firewall. See it here.[/UPDATE]

Continue reading Policy Based Forwarding (PBF) on a Palo Alto Firewall

Why NAT has nothing to do with Security!

During my job I am frequently discussing with people why they use NAT or why they believe that NAT adds any security to their networks, mainly some obscurity as NAT (PAT) hides the internal network structure. However, NAT does not add any real security to a network while it breaks almost any good concepts of a structured network design. To emphasize this thesis, here is a discussion:

Continue reading Why NAT has nothing to do with Security!