https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517204#M107367 <P>Kali, Windows and RHEL installed in a lab behind Palos on a directly connected Vlan. Windows and RHEL have no issue communicating to internet or ping firewall interface. But for Kali, Palo captures show only receive and no transmit or even drop packets.&nbsp;</P> <P>&nbsp;</P> <P>All 3 are getting IP from DHCP on Palo interface, and share common NAT/security policies, routes . I have even tried removing profiles from the policy.</P> <P>&nbsp;</P> <P>Ping from Kali to firewall interface shows&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44503i5AF9C85E19E4F0DA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>&nbsp;</P> <P>Kali</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44504iFFEC7E1012589CFC/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>&nbsp;</P> <P>RHEL</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 925px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44505i0D0D72332D778121/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44506iBE3F8195C3B8E4BE/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Sun, 09 Oct 2022 05:38:30 GMT raji_toor 2022-10-09T05:38:30Z https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517204#M107367 <P>Kali, Windows and RHEL installed in a lab behind Palos on a directly connected Vlan. Windows and RHEL have no issue communicating to internet or ping firewall interface. But for Kali, Palo captures show only receive and no transmit or even drop packets.&nbsp;</P> <P>&nbsp;</P> <P>All 3 are getting IP from DHCP on Palo interface, and share common NAT/security policies, routes . I have even tried removing profiles from the policy.</P> <P>&nbsp;</P> <P>Ping from Kali to firewall interface shows&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44503i5AF9C85E19E4F0DA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>&nbsp;</P> <P>Kali</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44504iFFEC7E1012589CFC/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P>&nbsp;</P> <P>RHEL</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 925px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44505i0D0D72332D778121/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44506iBE3F8195C3B8E4BE/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Sun, 09 Oct 2022 05:38:30 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517204#M107367 raji_toor 2022-10-09T05:38:30Z https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517211#M107368 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/56221">@raji_toor</a>&nbsp;</P> <P>The packet captures you have shown - where are they taken from? tcpdump from the VMs or packet capture from the PAN FW?</P> <P>&nbsp;</P> <P>This doesn't seems to be PAN FW specific so I would suggest you to start with the basics:</P> <P>- Ping Kali VM from firewall - &gt; ping source 192.168.99.1 host 192.168.99.5</P> <P>- Check if firewall have ARP entry for Kali VM -&gt; show arp &lt;interface-to-kali&gt;</P> <P>- Repeat the same from Kali VM (it is good to run the ping before checking ARP to generate fresh ARP requests)</P> <P>&nbsp;</P> <P>My assumption is that Kali VM is not setup properly and most probably either it is using vnic or using wrong VLAN so Kali VM is not actually connected in the same layer3 network as the PAN FW. Above steps are aming to confirm that - if you don't have ARP (incomplete) from FW to Kali or vice versa it seems you don't have layer2 connectivity.</P> <P>&nbsp;</P> <P>FW operates at layer3, so even if it is blocking the traffic (security rule, zone protection, content inspection etc) you must at least see ARP entry for Kali VM.</P> <P>&nbsp;</P> <P>If there is indeed ARP entry the best option to understand why traffic is being blocked is to use global conters with packet filter.</P> <P>Following link describe how to collect this information - <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS</A></P> <P>In summary:</P> <P>- Enable the filter</P> <P>- Run twice "<SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt">show counter global filter packet-filter yes delta yes" (before running any actual traffic to "clear" the delta )</SPAN></SPAN></P> <P><SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt">- Run simple ping from Kali VM</SPAN></SPAN></P> <P><SPAN><SPAN class="richTextArea slds-text-longform tile__title red-txt">- Check global counters again and see what is the output.</SPAN></SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Sun, 09 Oct 2022 15:12:07 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517211#M107368 A_Astardzhiev 2022-10-09T15:12:07Z https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517234#M107370 <P>Everything was in order, On looking at the routes i found Kali IP assigned to a loopback interface on PA causing duplicate IP issue. On excluding it from DHCP assignment range in PA resolved it.</P> Sun, 09 Oct 2022 17:33:22 GMT https://live.paloaltonetworks.com/t5/general-topics/paloalto-failing-communication-for-kali-linux/m-p/517234#M107370 raji_toor 2022-10-09T17:33:22Z