10-10-2024 11:40 AM - edited 10-10-2024 11:43 AM
We have an existing GP setup and it's working, but the IP Pool is set to a range of IPs 192.168.10.10-192.168.10.100 instead of a subnet 192.168.10.0/24.
I want to either expand the range or change it to a subnet.
I tested this by expanding the range to 192.168.10.5-192.168.10.150, but clients that got an address in the newly expanded range e.g. 192.168.10.125 were having trouble with network traffic like connecting to internal DNS.
I looked at traffic logs, etc., but nothing stood out as the issue.
Are there other places in the config I need to change the range or commands I need to run?
Policies already allow by zone. Routing is already configured to use the /24 subnet.
I did see traffic being allowed, but maybe replies weren't being routed correctly back to the expanded range?
Maybe a routing table issue?
10-10-2024 12:41 PM
Hello,
That should be the only spot where you should have to specify the IP range It sounds like it possible you may now have a return route on an upstream device (or maybe you have multiple VRs and they dont have a route between each other for the ne network. I would next look at doing a packet catpure on the Palo to see if you are getting return traffic at all. If you are and its being dropped I would then check the global counters to see why its being dropped. How to check global counters for a specific source and destinat... - Knowledge Base - Palo Alto Netw...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
