Had a question about internal routing.
We have an eth port assigned to a trust network, which is a 192.168 network. We also have an Avaya VoIP PBX that is VLAN'd on this network, and the routing is managed on an internal core switch to access this network. In our single virtual router I have a route for the 192.168.0.00/16 with next hop to the gateway. I also have a network and an additional 172.16.0.0/17 route with a next hop to the core switch. We put our PAN2020's in place this past weekend, and our old firewall had a static route for the phone system exactly like this.
I am able to ping the phone server at the 172.16.x.x range, and can traceroute it as well (however, the first hop times out). However, trying to access the web management of the server, or using a service tool, or any application that can connect into the phone server fails.
When I monitor the connections on the firewall, it just says the applications are incomplete, as if it makes the connection but does not return the connection. What am I missing?
Any chance of asymmetric routing? Refer to https://live.paloaltonetworks.com/docs/DOC-1260
If not, check the security rules to see if it's missing the application.
Add a test rule allowing Application any between the source and destination and place this rule at the top. <commit>
If this works, monitor the traffic log for this rule, delete the test rule, and change the original security rule, accommodating the applications.
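An added example (not part of the original thread): a minimal path check for the kind of topology described in the question, reporting any device that sees only one direction of a conversation, which for a stateful firewall is the asymmetric-routing case the reply asks about. Only the 192.168.0.0/16 and 172.16.0.0/17 prefixes and the firewall's next hop to the core switch come from the post; node names, host addresses and the other route entries are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): node -> [(prefix, next hop)].
# A next hop of None means the prefix is on-link (delivered directly).
ROUTES = {
    "workstation": [("192.168.0.0/16", None), ("0.0.0.0/0", "firewall")],
    "firewall":    [("192.168.0.0/16", None), ("172.16.0.0/17", "core-switch")],
    "core-switch": [("192.168.0.0/16", None), ("172.16.0.0/17", None)],
    "pbx":         [("172.16.0.0/17", None), ("0.0.0.0/0", "core-switch")],
}
# Constructed addresses (assumption): which node owns which IP.
HOSTS = {"192.168.1.50": "workstation", "172.16.10.5": "pbx"}

def next_hop(routes, node, dst):
    """Longest-prefix match for dst in node's table; None means on-link."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes[node]:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"{node} has no route to {dst}")
    return best[1]

def path(routes, src, dst):
    """Nodes a packet from src to dst traverses, in order."""
    node, hops = HOSTS[src], [HOSTS[src]]
    while node != HOSTS[dst]:
        hop = next_hop(routes, node, dst)
        node = HOSTS[dst] if hop is None else hop
        if node in hops:
            raise RuntimeError(f"routing loop at {node}")
        hops.append(node)
    return hops

def one_way_nodes(routes, a, b):
    """Nodes that see only one direction of the a<->b conversation."""
    return set(path(routes, a, b)) ^ set(path(routes, b, a))

if __name__ == "__main__":
    print("forward:", path(ROUTES, "192.168.1.50", "172.16.10.5"))
    print("return: ", path(ROUTES, "172.16.10.5", "192.168.1.50"))
    print("one-way:", one_way_nodes(ROUTES, "192.168.1.50", "172.16.10.5"))
```

With these tables the firewall appears only in the forward path, because the core switch has the 192.168 network on-link and delivers replies straight to the workstation.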