topic Re: Strange behavior in General Topics https://live.paloaltonetworks.com/t5/general-topics/strange-behavior/m-p/571603#M115081 <P>Hi there,</P> <P>Have you confirmed that traffic flows from DMZ -&gt; Servers actually matches the expected security policy rule?&nbsp;<BR /><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/test-policy-rule-traffic-matches" target="_blank">Test Policy Rules (paloaltonetworks.com)</A></P> <P>&nbsp;</P> <P>In the traffic logs do you see the DMZ -&gt; Server flows hitting any Deny rules?<BR /><BR />For the devices in the Server security zone, do they have just a default route directing traffic to the firewall interface?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 03 Jan 2024 14:11:30 GMT seb_rupik 2024-01-03T14:11:30Z Strange behavior https://live.paloaltonetworks.com/t5/general-topics/strange-behavior/m-p/571572#M115078 <P>Hi,</P> <P>&nbsp;</P> <P>facing issue where directed interfaces traffic is not working (from DMZ zone to Servers zone) , while from Inside ZONE to SERVERS is working fine despite inside users SVI is core switch then static route from core switch to paloalto while for users inside DMZ zone their gateway is FW itself (also DHCP ) and no routing is needed to reach SERVERS zone which also their gateway is FW.&nbsp; policy same as&nbsp;&nbsp; Inside ZONE to SERVERS, no NAT.</P> <P>&nbsp;</P> <P>Note: pic attached&nbsp;</P> Wed, 03 Jan 2024 11:11:35 GMT https://live.paloaltonetworks.com/t5/general-topics/strange-behavior/m-p/571572#M115078 mhmameen 2024-01-03T11:11:35Z Re: Strange behavior https://live.paloaltonetworks.com/t5/general-topics/strange-behavior/m-p/571603#M115081 <P>Hi there,</P> <P>Have you confirmed that traffic flows from DMZ -&gt; Servers actually matches the expected security policy rule?&nbsp;<BR /><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/test-policy-rule-traffic-matches" target="_blank">Test Policy Rules (paloaltonetworks.com)</A></P> <P>&nbsp;</P> <P>In the traffic logs do you see the DMZ -&gt; Server flows hitting any Deny rules?<BR /><BR />For the devices in the Server security zone, do they have just a default route directing traffic to the firewall interface?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 03 Jan 2024 14:11:30 GMT https://live.paloaltonetworks.com/t5/general-topics/strange-behavior/m-p/571603#M115081 seb_rupik 2024-01-03T14:11:30Z