Reply
Highlighted
L1 Bithead

PA 200 Connected to 4G Router

Hi Folks,

We currently have a primary direct internet from the ISP to the Palo Alto PA-200 configured with LSVPN .

As we plan to have a secondary Internet, we want to connect the Palo Alto PA-200 with 4G Router using LSVPN as well. 

The problem is the public IP address is assigned to the 4G router and we'll connect it via LAN With PA-200 as the diagram illustrates below 

4G-PA200.jpg

How can Configure the PA-200 to implement the LSVPN as a client 

 

Cordially 

Tags (1)
Highlighted
L7 Applicator

Re: PA 200 Connected to 4G Router

Hello,

Does the 4G router have the ability to just pass all traffic without performing any other tasks or to be a transparent device so the PAN could have the public IP? Meaning the PA-200 should be able to make the request to the core of the LSVPN and make the connection. Is this not working as designed?

 

Please advise,

Highlighted
L7 Applicator

Re: PA 200 Connected to 4G Router

Hi @Adam42 

Why is it a problem if the public IP is on the 4G router? Btw. are you sure your 4G modem has a public IP? The way I used these modems so far, they always got a private IP ln the external interface and on provider side ther is carrier grade NAT for connections towards the internet.

Anyway, for GP LSVPN you don't need a public IP on your spoke firewall. Only the hub will need a public IP to receive the connections.

L1 Bithead

Re: PA 200 Connected to 4G Router

Hi  @OtakarKlier 

Which configuration should I do to make the router works transparent in order to carry the public IP address to the firewall? If I configure the DMZ IP on the router by assigning the IP address of the interface of the firewall PA200 will make it transparent?

Which configuration should I put on the firewall (spoke)

Thank you 

Highlighted
L7 Applicator

Re: PA 200 Connected to 4G Router

Hello,

Back in the day when i was doing this, there was a setting in the 4g router that allowed it to be transparent and it would pass the public IP to the attached device/firewall. While I dont know what or if there is that in the device you are using, you might want to reach out to the vendor and check. However like @vsys_remo pointed out. it might not be required.

 

Regards,

Highlighted
L1 Bithead

Re: PA 200 Connected to 4G Router

Hi @OtakarKlier  

Thank you for your answer, Well i'm using Huawei AR160 series .

 

The Hub administrators are requesting the  public ip and its Gatway but the 4G providers has just offered One Public IP /32 With NAT . 

 

Thank you 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!