Basic AWS Setup

BrianFyre — Tue, 05 Nov 2019 23:13:59 GMT

So I'm having troubles with a deployment ... seems like it should be super straightforward, but I'm just not getting any traffic through the Palo.

I've got 3 subnet, private, public, mgmt

I swapped the mgmt and eth1/1 interface so the EIP is applied to the public facing interface.

I'm able to reach both the EIP and over VPN I'm able to access the 1/1 interface over https.

I've deployed a web server behind the Palo on the private subnet with a route table pointing to the Palo ENI. NAT and Security rules are correct, but I do not get any traffic back from the web server at all. Nothing but SYN's in a pcap. I can ping the web server private IP sourced from the inside interface of the palo.

I'm at a loss as to why this is not working ... Someone please help!

Re: Basic AWS Setup

Retired Member — Sun, 10 Nov 2019 00:32:22 GMT

Check the route table on the Web Server.
I have found that even though you create a route in the route table for the subnet, the route table directly on the web server will still have it's default route pointing to the IGW. If this is the case, this explains why the return traffic from the web server is not showing in the firewall logs.

topic Re: Basic AWS Setup in VM-Series in the Public Cloud

Basic AWS Setup

Re: Basic AWS Setup