Firewall, allow inside to access outside interface

Posted on 2012-09-16
Last Modified: 2013-06-07
Dear all,

I have a firewall with several public IPs for different services. One service should be accessible from the inside, but I haven't found any way to solve this on my inside network, so I must route my inside hosts to the specific public IP address.

I'm pretty sure it's just a security policy, and maybe I must edit the NAT list but I'm not exactly sure.

I have a Palo Alto firewall, but I guess any suggestions will work since this is a more "generic" question...
Question by: kaare_t

    Expert Comment

    by: Andrew Davis
    Need a bit more information, as I am a little confused as to what you are trying to do.

    Are you talking about something like this: you host your own web (or whatever) service internally, so the public-facing DNS points to your external interface so users external to your network can access the service, and you want internal users to also see the website? If this is the case, it is a DNS issue and not a firewall issue.

    Can you explain what it is you are trying to achieve?


    Accepted Solution

    Sounds like you're after a hairpin NAT rule; I have no experience of Palo Alto firewalls, so I can't comment as to whether they are supported, or how you would configure a rule.

    If you can't define a rule, it may be worth considering adding a few local DNS entries for your public services, to make them accessible within your network.
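
The hairpin NAT rule named in the accepted solution, traced as an added example that is not part of the original thread and is not Palo Alto configuration. It assumes the server sits in the same inside subnet as the clients; all addresses and the `hairpin_flow` helper are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed addresses (private and documentation ranges), not from the thread.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
FW_INSIDE_IP = "192.168.1.1"    # firewall's inside interface (assumed)
PUBLIC_VIP = "203.0.113.10"     # public address of the service (assumed)
SERVER_IP = "192.168.1.50"      # real server behind the public address
CLIENT_IP = "192.168.1.20"      # inside host connecting to PUBLIC_VIP

Result = namedtuple("Result", "delivered reply_src_at_client src_seen_by_server")


def hairpin_flow(source_nat):
    """Trace one request and its reply through the firewall.

    source_nat=False: destination NAT only (public address -> server).
    source_nat=True:  hairpin rule, destination NAT plus source NAT to the
                      firewall's inside address.
    """
    # Request: client -> PUBLIC_VIP, routed to the firewall (default gateway).
    src = CLIENT_IP
    # Firewall applies destination NAT: PUBLIC_VIP -> SERVER_IP.
    dst = SERVER_IP
    if source_nat:
        # Hairpin: the source is rewritten too, so the reply must come back.
        src = FW_INSIDE_IP

    # Reply: the server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    same_subnet = ipaddress.ip_address(reply_dst) in INSIDE_NET
    if reply_dst != FW_INSIDE_IP and same_subnet:
        # The reply is switched straight to the client and never crosses the
        # firewall, so it still carries SERVER_IP as its source. The client
        # is waiting for PUBLIC_VIP and discards it.
        return Result(False, reply_src, src)

    # Reply reaches the firewall, which reverses both translations.
    return Result(True, PUBLIC_VIP, src)


if __name__ == "__main__":
    for snat in (False, True):
        print("source NAT =", snat, "->", hairpin_flow(snat))
```

With the source NAT in place the server sees every inside client as the firewall's address, so its access logs no longer record the real client IP; the local DNS alternative from the same answer avoids that.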

    Author Comment

    Thanks guys! I will do a little research on both and come back with my solution. I think both suggestions (DNS & Hairpinning) will work fine.

    Author Closing Comment

    Hairpin was what I was looking for!

    Expert Comment

    How did you set this up? We are looking for the same thing and are having a few problems.
