https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34738#M25493 <HTML><HEAD></HEAD><BODY><P>Hello Veera,</P><P>all of what you have described are basic functions of the Paloalto device. So they should work just fine.</P><P>As long as you have policies to allow traffic from the trust to dmz or dmz to trust and routing is correct, this should work.</P><P>Also sharing should work fine especially if ftp and ping work.</P><P>Perhaps you can create a policy for all traffic between the trust and dmz and the dmz and trust, allowing all applications and services.</P><P>If committting this policy resolves your issues then you know that perhaps your were not allowing all the necessary applications and services. However if your problems still persist, you can call into support in order that we can take a closer look at your device configuration and network configuration.</P><P></P><P></P><P></P><P>thanks,</P><P>Stephen</P></BODY></HTML> Tue, 08 Jun 2010 16:23:11 GMT swhyte 2010-06-08T16:23:11Z https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34735#M25490 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> We have PAN 500 device with us..deployed in L3 mode.Lan and DMZ communication is happening only if i have NAT rule in place with the destination zone and interface mentioned (but no natting be done)between them.Do we really require a NAT rule in place for achieving this.I guess this doesn't require.We have tested with all OS and models.Anyone faced this issue earlier?</P></BODY></HTML> Tue, 08 Jun 2010 10:28:45 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34735#M25490 veera12883 2010-06-08T10:28:45Z https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34736#M25491 <HTML><HEAD></HEAD><BODY><P>Hello Veera,</P><P>NAT is not need is your routing is set up correctly.</P><P>So if you have a l3 lan interface connected to the same virtual router that a l3 dmz interface is connected to, you should be able to route between them. However if each network does not know how to route back to the other, then you can use a NAT rule to work around your routing problem.</P><P></P><P></P><P>thank you,</P><P>Stephen</P></BODY></HTML> Tue, 08 Jun 2010 14:54:54 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34736#M25491 swhyte 2010-06-08T14:54:54Z https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34737#M25492 <HTML><HEAD></HEAD><BODY><P>Hi STEPHEN,</P><P></P><P>We have both the DMZ&nbsp; and trust in the same virtual router and proper routing is there,but the communication is happening only when we have the NAT policy in place.Also sometimes ping,FTP and other services are working but file sharing is not happening,this also only for few users. Have this been replicated in labs and any issues faced earlier?</P><P></P><P>Thanks,</P><P>veera</P></BODY></HTML> Tue, 08 Jun 2010 16:00:46 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34737#M25492 veera12883 2010-06-08T16:00:46Z https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34738#M25493 <HTML><HEAD></HEAD><BODY><P>Hello Veera,</P><P>all of what you have described are basic functions of the Paloalto device. So they should work just fine.</P><P>As long as you have policies to allow traffic from the trust to dmz or dmz to trust and routing is correct, this should work.</P><P>Also sharing should work fine especially if ftp and ping work.</P><P>Perhaps you can create a policy for all traffic between the trust and dmz and the dmz and trust, allowing all applications and services.</P><P>If committting this policy resolves your issues then you know that perhaps your were not allowing all the necessary applications and services. However if your problems still persist, you can call into support in order that we can take a closer look at your device configuration and network configuration.</P><P></P><P></P><P></P><P>thanks,</P><P>Stephen</P></BODY></HTML> Tue, 08 Jun 2010 16:23:11 GMT https://live.paloaltonetworks.com/t5/general-topics/communication-problem-between-lan-and-dmz/m-p/34738#M25493 swhyte 2010-06-08T16:23:11Z