Forefront UAG Direct Access
cancel
Showing results for 
Search instead for 
Did you mean: 

Forefront UAG Direct Access

L1 Bithead

I was wondering if anyone has deployed Microsoft Direct Access or Forefront UAG behind a Palo Alto firewall, and could share their experiences.  Direct Access requires 2 consecutive public IPv4 addresses (no NAT), and we are trying to figure out the best way to route this through a PA-2020 that currently has layer 3 interfaces configured, with a public IP range assigned on the external/untrust interface and NATed RFC1918 addresses on all of the other interfaces.  Any advice would be appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions

L4 Transporter

If you must keep the public addresses on the Forefront and absolutely NO NAT. Then what about setting up a virtual wire pair on the paloalto device and plugging the forefront into the trust side of it...You can plug the untrust side of the virutal wire pair into what ever switch you currently have the forefront plugged in to.

thanks,

Stephen

View solution in original post

3 REPLIES 3

L4 Transporter

If you must keep the public addresses on the Forefront and absolutely NO NAT. Then what about setting up a virtual wire pair on the paloalto device and plugging the forefront into the trust side of it...You can plug the untrust side of the virutal wire pair into what ever switch you currently have the forefront plugged in to.

thanks,

Stephen

View solution in original post

Not applicable

Abelgard, just curious if you might have updated to the new version of Direct Acess? If so, have you attempted to implement user awareness on your PA of incoming DA traffic? If so, how's that working for you, and how did you do it? Thanks!

We actually decided not to deploy DA... we were never able to get it working.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!