Dynamic IP and Port NAT Oversubscription
Updated on
Jul 1, 2024
Focus
Download PDF
Updated on
Jul 1, 2024
Focus
- Home
- PAN-OS
- NAT
- Dynamic IP and Port NAT Oversubscription
Download PDF
Table of Contents
Dynamic IP and Port (DIPP) NAT allows you to use eachtranslated IP address and port pair multiple times (8, 4, or 2 times)in concurrent sessions. This reusability of an IP address and port(known as oversubscription) provides scalability for customers whohave too few public IP addresses. The design is based on the assumptionthat hosts are connecting to different destinations, therefore sessions canbe uniquely identified and collisions are unlikely. The oversubscriptionrate in effect multiplies the original size of the address/portpool to 8, 4, or 2 times the size. For example, the default limitof 64K concurrent sessions allowed, when multiplied by an oversubscriptionrate of 8, results in 512K concurrent sessions allowed.
The oversubscription rates that are allowed vary based on themodel. The oversubscription rate is global; it applies to the firewall.This oversubscription rate is set by default and consumes memory,even if you have enough public IP addresses available to make oversubscriptionunnecessary. You can reduce the rate from the default setting toa lower setting or even 1 (which means no oversubscription). By configuringa reduced rate, you decrease the number of source device translations possible,but increase the DIP and DIPP NAT rule capacities. To change thedefault rate, see Modify the Oversubscription Rate for DIPP NAT.
If you select Platform Default PlatformDefault
The Product Selection tool showsthe default (maximum) DIPP pool oversubscription rate for each model.
The firewall supports a maximum of 256 translated IP addressesper NAT rule, and each model supports a maximum number of translatedIP addresses (for all NAT rules combined). If oversubscription causesthe maximum translated addresses per rule (256) to be exceeded,the firewall will automatically reduce the oversubscription ratioin an effort to have the commit succeed. However, if your NAT rulesresult in translations that exceed the maximum translated addressesfor the model, the commit will fail.
"); adBlockNotification.append($( "Thanks for visiting https://docs.paloaltonetworks.com. To improve your experience when accessing content across our site, please add the domain to the allow list on your ad blocker application." )); let adBlockNotificationClose = $("x"); adBlockNotification.prepend(adBlockNotificationClose) $('body').append(adBlockNotification); setTimeout(function (e) { adBlockNotification.addClass('open'); }, 10); adBlockNotificationClose.on('click', function (e) { adBlockNotification.removeClass('open'); }) } }, 5000)
Recommended For You
{{ if(( raw.pantechdoctype != "techdocsAuthoredContentPage" && raw.objecttype != "Knowledge" && raw.pancommonsourcename != "TD pan.dev Docs")) { }} {{ if (raw.panbooktype) { }} {{ if (raw.panbooktype.indexOf('PANW Yellow Theme') != -1){ }}
{{ } else if (raw.panbooktype.indexOf('PANW Green Theme') != -1){ }}
{{ } else if (raw.panbooktype.indexOf('PANW Blue Theme') != -1){ }}
{{ } else { }}
{{ } }} {{ } else { }}
{{ } }} {{ } else { }} {{ if (raw.pantechdoctype == "pdf"){ }}
{{ } else if (raw.objecttype == "Knowledge") { }}
{{ } else if (raw.pancommonsourcename == "TD pan.dev Docs") { }}
{{ } else if (raw.pancommonsourcename == "LIVEcommunity Public") { }}
{{ } else { }}
{{ } }} {{ } }}
{{ if (raw.pancommonsourcename == "LIVEcommunity Public") { }}
{{ if (raw.pantechdoctype == "pdf"){ }}
{{ } }}
{{ } else { }}
{{ if (raw.pantechdoctype == "pdf"){ }}
{{ } }}
{{ } }}
{{ if (raw.pancommonsourcename != "TD pan.dev Docs"){ }} {{ if (raw.pandevdocsosversion){ }} {{ } else { }} {{ if ((_.size(raw.panosversion)>0) && !(_.isNull(raw.panconversationid )) && (!(_.isEmpty(raw.panconversationid ))) && !(_.isNull(raw.otherversions ))) { }} (See other versions) {{ } }} {{ } }} {{ } }}
{{ } }}{{ if (raw.pantechdoctype == "bookDetailPage"){ }}
{{ } }}{{ if (raw.pantechdoctype == "bookLandingPage"){ }}
{{ } }}{{ if (raw.pantechdoctype == "productLanding"){ }}
{{ } }}{{ if (raw.pantechdoctype == "techdocsAuthoredContentPage"){ }}
{{ } }}{{ if (raw.pantechdoctype == "pdf"){ }}
{{ } }}
