Palo Alto - Security Policies

Water park rules

By default, the intrazone rule allows traffic and the interzone rule denies it.

Logging is not enabled on the default rules. Logging doesn’t work if no licence is installed.

Use Override to edit the default rules. Use Revert to restore the defaults.

Internal to DMZ server rule

Destination NAT to DMZ server

The original packet uses pre-NAT zones and IPs.

Destination NAT Original Packet
Destination NAT Translated Packet

Outside to DMZ server rule

Use the pre-NAT public IP as the destination address, but the DMZ zone as the destination zone.

Outside to DMZ server rule
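
The matching order described in these notes, as an added Python model (not part of the original notes and not Palo Alto code): the NAT rule matches on pre-NAT zones and IPs, while the security rule matches the pre-NAT IP together with the post-NAT destination zone. Zone names, addresses and the rule name are constructed for illustration.

```python
import ipaddress

# Constructed topology: zone names and addresses are assumptions.
ROUTES = {"0.0.0.0/0": "outside", "10.1.1.0/24": "dmz", "192.168.1.0/24": "internal"}
# Destination NAT rule, written against the original (pre-NAT) packet.
NAT_RULES = [{"from": "outside", "to": "outside", "dst": "203.0.113.10",
              "translate_to": "10.1.1.10"}]

def zone_of(ip):
    """Longest-prefix route lookup: return the zone that ip is reached through."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), z) for n, z in ROUTES.items()]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)[1]

def evaluate(src_ip, dst_ip, security_rules):
    """Return (rule name, action) for a new session in this simplified model."""
    src_zone = zone_of(src_ip)
    pre_nat_zone = zone_of(dst_ip)  # zone of the pre-NAT destination
    post_nat_ip = dst_ip
    for nat in NAT_RULES:  # NAT match uses pre-NAT zones and IPs
        if (nat["from"], nat["to"], nat["dst"]) == (src_zone, pre_nat_zone, dst_ip):
            post_nat_ip = nat["translate_to"]
            break
    dst_zone = zone_of(post_nat_ip)  # security policy uses the post-NAT zone ...
    for rule in security_rules:  # ... but still the pre-NAT destination IP
        if (rule["from"], rule["to"], rule["dst"]) == (src_zone, dst_zone, dst_ip):
            return rule["name"], rule["action"]
    if src_zone == dst_zone:
        return "intrazone-default", "allow"
    return "interzone-default", "deny"

def make_rule(to_zone, dst):
    """Build a constructed outside-to-DMZ allow rule with the given match fields."""
    return [{"name": "outside-to-dmz", "from": "outside", "to": to_zone,
             "dst": dst, "action": "allow"}]

CLIENT, PUBLIC_IP = "198.51.100.7", "203.0.113.10"  # constructed sample values
CORRECT = make_rule("dmz", PUBLIC_IP)         # pre-NAT IP, post-NAT zone
WRONG_IP = make_rule("dmz", "10.1.1.10")      # mistake: post-NAT private IP
WRONG_ZONE = make_rule("outside", PUBLIC_IP)  # mistake: pre-NAT destination zone

if __name__ == "__main__":
    for label, rules in [("correct", CORRECT), ("wrong IP", WRONG_IP),
                         ("wrong zone", WRONG_ZONE)]:
        print(label, evaluate(CLIENT, PUBLIC_IP, rules))
```

Both mis-written rules fall through to the interzone default deny, and with logging off on the default rules the dropped sessions leave no traffic log entry.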