02-02-2021 12:40 PM
I am running into a problem and looking for any ideas or experience that may provide a solution.
I have a firewall that is managed by Panorama, and the service route for Panorama is set to ‘default’. I want to change this route to communicate to Panorama over an IPSec tunnel. This change causes a revert, and I guess this is probably expected behavior because the connection is interrupted. How can I accomplish this change without a revert?
I have tried doing it from the firewall side and the Panorama side. I’ve tried using specific policies that target Panorama. I’ve tried every combination of configuration order that I can think of and am still coming up short. Does anybody have any resource they could point me to?
02-02-2021 08:22 PM
Does your firewall have communication to Panorama over the IPSec tunnel? There's a wait incorporated before the revert that would account for the routing change before it reverts the configuration, which makes it possible your change is actually breaking the communication back to Panorama long-term.
02-03-2021 08:26 AM
After checking, Panorama was not communicating over the VPN tunnel, even with the service route changed and an any/any rule in place. I created a second rule that specifically targets the Panorama servers and the interface for the VPN. Fixed my issue.
Thanks for the help.