I was wondering if anyone has deployed Microsoft Direct Access or Forefront UAG behind a Palo Alto firewall, and could share their experiences. Direct Access requires 2 consecutive public IPv4 addresses (no NAT), and we are trying to figure out the best way to route this through a PA-2020 that currently has layer 3 interfaces configured, with a public IP range assigned on the external/untrust interface and NATed RFC1918 addresses on all of the other interfaces. Any advice would be appreciated.
Solved! Go to Solution.
If you must keep the public addresses on the Forefront and absolutely NO NAT. Then what about setting up a virtual wire pair on the paloalto device and plugging the forefront into the trust side of it...You can plug the untrust side of the virutal wire pair into what ever switch you currently have the forefront plugged in to.
Abelgard, just curious if you might have updated to the new version of Direct Acess? If so, have you attempted to implement user awareness on your PA of incoming DA traffic? If so, how's that working for you, and how did you do it? Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!