topic Internal route problem in General Topics

Internal route problem

cmateam — Tue, 26 Jun 2012 17:21:14 GMT

Had a question about internal routing.

We have eth port assigned to a trust network which is a 192.168 network. We also have a Avaya VoIP PBX that is vLan'd on this network and the routing is managed on an internal core switch to access this network. In our single virtual router I have a route for the 192.168.0.00/16 with next hop to the Gateway. I also have a network and an additional 172.16.0.0/17 route with a next hop to the core switch. We put our PAN2020's in place this past weekend, and our old firewall had a static route for the phone system exactly like this.

I am able to ping the phone server at the 172.16.x.x range, and can traceroute it as well (however the first hop times out). However trying to access the web management of the server, or using a service tool, or any application that can connect into the phone server fails.

When I monitor the connections on the firewall, it just say the applications are incomplete as if it makes the connection, but does not return the connection. What am I missing?

Re: Internal route problem

cmateam — Wed, 11 Jul 2012 14:44:39 GMT

I'm having an internal routing issue still....anyone? anyone? I opened a support case last night but have not heard anything more.

Re: Internal route problem

UhMayYeah — Wed, 11 Jul 2012 19:26:29 GMT

Any chances of asymmetric routing : refer https://live.paloaltonetworks.com/docs/DOC-1260

If not, check the security rules if its missing the application .

Add a test rule allowing Application any between the source and destination and place this rule at the top.<commit>

If this works ,monitor the traffic log for this rule ,delete the test rule and change the original security-rule accommodating the Applications.

Regards,

Ameya

Re: Internal route problem

cmateam — Wed, 11 Jul 2012 19:45:20 GMT

Thank you so much! That did the trick!