--> NAT Oversubscription allows the Palo Alto Firewall to use the same NAT IP address and Port Pair for connecting to different destinations from each host.
--> NAT Oversubscription works only if the destination is different.
--> The reuse of the same NAT IP and Port Pair allows the customers to have fewer public IP addresses without losing the Internet connectivity in case of oversubscription.
--> NAT Oversubscription can be configured by navigating to Device > Setup > Session > Session Settings
--> By default, The Palo Alto firewall allows 64K sessions with Each Public IP address.
--> We can have the oversubscription rate of 2/4/8 times the default sessions for each Public IP address.
--> Maximum 512K Sessions are allowed on one Public IP address if we use the oversubscription rate of 8.
--> By default, The oversubscription is disabled on the Palo Alto Firewall.
--> It is recommended to configure the oversubscription only if we have fewer public IP addresses and more Internet users as it consumes the memory on the Palo Alto Firewall.
--> Each and every model of Palo Alto Firewall supports different oversubscription rates, Need to check the datasheet of the Palo Alto Firewall.
0 comments:
Post a Comment