01-20-2022 10:02 PM
Hello
I found in the documentation: "Assign destination zone based on Interface packet would egress from"
What is behind this "would"? How is the destination zone chosen, based on FW topology or routing table or?
I have set a route (next hop Tunnel interface) to a subnet and a NAT rule.
I have traffic from 2 different source zones but the same destination.
In the log, the destination zone is not the same for each traffic.
My rules are working but I can't explain why.
So what is the choice of the destination zone based on?
Thanks in advance
01-21-2022 11:27 AM
Hello,
As for the logs, enable logging at session end on all policies and then check the traffic logs to see what they say. As for egress zone, it's where the traffic is going or where it will end up. Each interface must be assigned a zone; where the packet leaves the firewall interface, that would be the egress zone based on the interface.
Regards,
01-23-2022 11:57 PM
Hello
Thanks for your reply.
My question is not how I can check the destination zone, but how PAN-OS sets it.
After checking the routing table, or depending on the topology of the firewall, or something else?
Regards
01-24-2022 06:09 AM
Destination zone is decided based on routes in the virtual router, so yes, the routing table.
If you have Policy Based Forwarding rules that overlap with the virtual router, then the PBF route will take precedence over the virtual router.
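
The lookup order described in this thread, as an added example that is not part of the original replies and is not PAN-OS code: a simplified Python model in which a matching PBF rule, otherwise the longest-prefix route in the virtual router, picks the egress interface, and that interface's zone becomes the destination zone. All interface names, zones, prefixes and rules are constructed for illustration.

```python
import ipaddress

# Constructed sample configuration (all names and addresses are hypothetical).
INTERFACE_ZONE = {"tunnel.1": "vpn", "ethernet1/1": "untrust", "ethernet1/2": "trust"}

ROUTES = [  # (destination prefix, egress interface) in the virtual router
    ("0.0.0.0/0", "ethernet1/1"),
    ("10.20.0.0/16", "tunnel.1"),
]

PBF_RULES = [  # (source zone, destination prefix, egress interface)
    ("dmz", "10.20.0.0/16", "ethernet1/1"),
]

def route_lookup(dst_ip):
    """Longest-prefix match over the virtual router's routes."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def pbf_lookup(src_zone, dst_ip):
    """First matching PBF rule wins; None when no rule matches."""
    dst = ipaddress.ip_address(dst_ip)
    for zone, prefix, iface in PBF_RULES:
        if zone == src_zone and dst in ipaddress.ip_network(prefix):
            return iface
    return None

def destination_zone(src_zone, dst_ip):
    """Zone of the interface the packet would egress from."""
    # PBF takes precedence over the virtual router when a rule matches.
    iface = pbf_lookup(src_zone, dst_ip) or route_lookup(dst_ip)
    return INTERFACE_ZONE.get(iface)  # None when no route matches

if __name__ == "__main__":
    for zone in ("trust", "dmz"):
        print(zone, "->", destination_zone(zone, "10.20.5.5"))
```

In this model, traffic from two source zones to the same destination gets different destination zones because only one source zone matches the PBF rule.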