This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Firewall Unable to connect to ISP Router

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Firewall Unable to connect to ISP Router

HassanThiam
L1 Bithead

‎01-17-2023 02:43 AM

I m setting up a small office network where the endpoints are connecting to a switch that is in turn trunked to a PA220 Firewall . The firewall external interface is configured with a static IP address within the same range as the ISP IP router .

However it appears that neither the ISP router or the Palo can receive arp entries off each other let alone ping each other

The ISP provider has also confirmed the internet connectivity is working fine .

Can anyone  please advise ?

 

Thanks 

0 Likes Likes
9 REPLIES 9

Raido_Rattameister
L7 Applicator

‎01-17-2023 05:15 AM - edited ‎01-17-2023 05:15 AM

If you configure same public IP and gateway on your laptop and connect ISP cable directly to laptop can you get to internet or see arp from ISP?

If yes we can help you troubleshoot Palo.

If not then ISP needs to check their config.

Enterprise Architect, Security @ Cloud Carib Ltd
ACE, PCNSE, PCNSI
0 Likes Likes

HassanThiam
L1 Bithead
In response to Raido_Rattameister

‎01-17-2023 07:00 AM

Hi 

 

Thanks for the feedback .  Unfortunately at the time, I was unable to configure  my laptop IP address and Gateway because of admin restrictions ( working to get elevated privileges at the moment ) . The ISP sent an engineer onsite to check internet reachability  and he confirmed connectivity to the ISP default gateway by plugging a device directly into the router .What are the sort of config that could prevent the firewall from seeing the router ? 

 

Thanks 

 

0 Likes Likes

Raido_Rattameister
L7 Applicator

‎01-17-2023 07:37 AM

ISP provides connectivity over access port right (not tagged/trunk port)?

Ask ISP if speed/duplex is set to auto/auto or if they have hardcoded those settings.

If second option you need to match your side.

Enterprise Architect, Security @ Cloud Carib Ltd
ACE, PCNSE, PCNSI
0 Likes Likes

HassanThiam
L1 Bithead
In response to Raido_Rattameister

‎01-17-2023 09:49 AM

Hi 

 

I will enquire with the ISP about the speed/duplex settings , I would have thought they will be set to auto 

Yes the connectivity is provided through an access port  . As per the attached topology the firewall connect to an Onsite router that only function in bridge mode with so  layer 3 communication is between the firewall and the aggregate router .

The ISP engineer  that  visited the site confirmed the Internet was working by plugging a portable device into the Onsite router ( LAN 1) and could get to the ISP Aggregate  Router using IP addresses within the same range .

Let me know if you have any further suggestions 2023-01-17 17_43_57-WAN - diagrams.net.png


Thanks in advance 

 

 

 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks