https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/518188#M107510 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/247068">@mike.07</a>&nbsp;,</P> <P>&nbsp;</P> <P>Do you have specific public servers you would like the internet to access? Setting up access from the outside zone to your DMZ zone should not affect the tunnel you have between the two-sites.&nbsp;</P> Tue, 18 Oct 2022 02:55:26 GMT JayGolf 2022-10-18T02:55:26Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/517951#M107460 <P>Hi all,</P> <P>&nbsp;</P> <P>Site A</P> <P>Source Zone: test-DMZ</P> <P>Interface: ae 1 (172.16.1.1)</P> <P>Tunnel Interface is in internal-trust zone.</P> <P>Static route set to destination 10.10.10.1</P> <P>&nbsp;</P> <P>I have an IPsec tunnel between 2 sites.&nbsp;</P> <P>However, i want to allow traffic from other sources to test-DMZ zone.</P> <P>How can i deploy policy that will allow me to communicate from test-DMZ to outside internet and vice versa without breaking the IPsec connection?</P> <P>&nbsp;</P> Fri, 14 Oct 2022 14:09:18 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/517951#M107460 mike.07 2022-10-14T14:09:18Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/518188#M107510 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/247068">@mike.07</a>&nbsp;,</P> <P>&nbsp;</P> <P>Do you have specific public servers you would like the internet to access? Setting up access from the outside zone to your DMZ zone should not affect the tunnel you have between the two-sites.&nbsp;</P> Tue, 18 Oct 2022 02:55:26 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/518188#M107510 JayGolf 2022-10-18T02:55:26Z https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/518550#M107575 <P>HI Jay,&nbsp;</P> <P>&nbsp;</P> <P>Yes, i need to allow access to one specific server, problem is it is a FQDN which resolves to multiple IPs.</P> <P>Is there any way i can create Source NAT that would allow traffic to FQDN?</P> Thu, 20 Oct 2022 18:40:25 GMT https://live.paloaltonetworks.com/t5/general-topics/allow-traffic-other-than-ipsec/m-p/518550#M107575 mike.07 2022-10-20T18:40:25Z