Internal route problem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Internal route problem

L3 Networker

Had a question about internal routing.

We have eth port assigned to a trust network which is a 192.168 network.  We also have a Avaya VoIP PBX that is vLan'd on this network and the routing is managed on an internal core switch to access this network.  In our single virtual router I have a route for the 192.168.0.00/16 with next hop to the Gateway.  I also have a network and an additional 172.16.0.0/17 route with a next hop to the core switch.  We put our PAN2020's in place this past weekend, and our old firewall had a static route for the phone system exactly like this. 

I am able to ping the phone server at the 172.16.x.x range, and can traceroute it as well (however the first hop times out). However trying to access the web management of the server, or using a service tool, or any application that can connect into the phone server fails.

When I monitor the connections on the firewall, it just say the applications are incomplete as if it makes the connection, but does not return the connection. What am I missing? 

1 accepted solution

Accepted Solutions

L5 Sessionator

Any chances of asymmetric routing : refer https://live.paloaltonetworks.com/docs/DOC-1260

If not, check the security rules if its missing the application .

Add a test rule allowing Application any between the source and destination and place this rule at the top.<commit>

If this works ,monitor the traffic log for this rule ,delete the test rule and change the original security-rule accommodating the Applications.

Regards,

Ameya

View solution in original post

3 REPLIES 3

L3 Networker

I'm having an internal routing issue still....anyone? anyone? I opened a support case last night but have not heard anything more.

L5 Sessionator

Any chances of asymmetric routing : refer https://live.paloaltonetworks.com/docs/DOC-1260

If not, check the security rules if its missing the application .

Add a test rule allowing Application any between the source and destination and place this rule at the top.<commit>

If this works ,monitor the traffic log for this rule ,delete the test rule and change the original security-rule accommodating the Applications.

Regards,

Ameya

Thank you so much!  That did the trick! 

  • 1 accepted solution
  • 3287 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!