Allowing PIA VPN in home network

cancel
Showing results for 
Search instead for 
Did you mean: 

Allowing PIA VPN in home network

L0 Member

Hi all,

Quite new to managing NGFW, please be patient.

I have PA-820 looking after my home network, no domain, few computers, using it to learn more than anything else, but since I have it want to use it fully.

I want my Private Internet Access VPN to access Internet without decryption, I am failing to make that exception.

Protocol I want to use is WireGuard, it works when I have direct connection to ISP router, it works when I have decryption policies turned off, but fails to go through PA820 with currently set up decryption profiles.

Have already set it up so that normal traffic for few categories including "proxy avoidance and anonymisers" is not decrypted, rest is.

That I have tested and I do see Palo's internal cert presented for websites in my browser instead of original website's issuer, so that works.

Have set up service group with all ports specified in PIA's documentation, where do I go from there? What do I miss?

Regards
Rob T.
2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

If you are behind the PAN, why vpn out and bypass its security features? If they have a domain name/URL, or IP lists, you can use create a bypass policy for that.

Regarsd,

Hi,

I like to play, break things to learn, that kind of stuff and I have access to fw 24/7...

URL list - unlikely to get that, I think.

IP list - it would require me to create a http website to place file with IP's from PIA. I could create small free webserver to host it on and allow access only from my PC to it, it would be useful for other lists too... not a bad idea.

 

On subject - I was just thinking I am missing some other way that is built-in...

 

Regards
Rob T.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!