Multiple External IPs to Multiple Firewalls

peeryog — Tue, 19 Oct 2021 16:09:13 GMT

I am sure this is going to be something simple, but I am admittedly stumped (not hard to do).

I have a block of External IP addresses assigned by our ISP , say 172.10.10.10/29

The gateway is 172.10.10.10 . This contains a single physical port . This is connected to a switch to allow distribution of multiple ports.

I have 2 firewalls attached.

Firewall one is assigned 172.10.10.11/29

Firewall two is assigned 172.10.10.15/29 .

If I add my new PA 850 with an external interface setting of 172.10.10.14/29, it blocks access to 172.10.10.15. The other firewall on 172.10.10.11 is not affected.

I have created no static routes or NAT on the 850 at this point.

If I set the external address of the 850 to 172.10.10.14/32. it still blocks 15.

If I swap the IP addresses, that is, set the 850 to 172.10.10.15/29 and set Firewall2 to 172.10.10.14/29, it works. So then all 3 firewalls are up.

I could leave it at that. However a) I don't know why its blocking devices further down the IP address list and I would like to and b) I have some public webservices pointing to the original IP address of 172.10.10.15 so would rather not change that.

Re: Multiple External IPs to Multiple Firewalls

OtakarKlier — Tue, 19 Oct 2021 17:49:07 GMT

Hello,

What do the logs on the PAN say as to why the traffic is getting blocked? Might want to put in a policy of something like this for the PAN:

source zone untrust source ip 172.10.10.10/29 destination zone untrust destination ip 172.10.10.10/29 any application/any service action is allow

Just a thought.

topic Re: Multiple External IPs to Multiple Firewalls in General Topics

Multiple External IPs to Multiple Firewalls

Re: Multiple External IPs to Multiple Firewalls