04-25-2017 09:15 AM
Has anyone seen interference with GRE tunnels passing through PANFWs set up in virtualwire for passive IDS? The policies are all any, any, any etc. and there is no inspection configured. I've read NAT'ing issues may have something to do with it, but not sure why that would be required for a passive setup.
04-25-2017 09:24 AM
Are you applying NAT for virtualwire traffic?
04-27-2017 01:10 PM
No.
04-27-2017 01:59 PM
I've never seen it cause any issues for anything like that unless it's getting logged as a threat or something like that. Especially in a virtualwire setup it really shouldn't be interfacing any of your traffic.
04-28-2017 07:35 AM
I agree, and I think I'll be able to prove it's not the Palo, but right now that's the only new thing in the environment so it's the obvious target for blame.
04-28-2017 10:04 AM
Just run packet capture on "receive" and "transmit" states on Palo and you can verify if a packet received on one side was sent out exactly the same.
If a packet was dropped, then the "drop" state will capture it.
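An offline way to do the receive/transmit comparison suggested above, as an added example that is not part of the original thread: it diffs the GRE frames (IP protocol 47) in two capture files byte for byte. It assumes both stage captures were exported as classic little-endian pcap with untagged Ethernet/IPv4 framing; the helper names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

GRE = 47  # IP protocol number for GRE

def read_pcap(data):
    """Yield raw frames from classic little-endian pcap bytes."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected classic little-endian pcap")
    off = 24  # skip global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def is_gre(frame):
    """Untagged Ethernet + IPv4 frame carrying IP protocol 47."""
    return len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[23] == GRE

def compare(rx_pcap, tx_pcap):
    """Return (missing, unexpected) GRE frames between the two stages.

    missing: seen at receive but never transmitted byte-for-byte.
    unexpected: transmitted but matching nothing received (altered).
    """
    rx = Counter(f for f in read_pcap(rx_pcap) if is_gre(f))
    tx = Counter(f for f in read_pcap(tx_pcap) if is_gre(f))
    return list((rx - tx).elements()), list((tx - rx).elements())

# --- constructed sample data, not taken from a real capture ---
def build_frame(payload, proto=GRE):
    eth = bytes(12) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                     64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    g1, g2, g3 = (build_frame(b"\x00\x00\x08\x00" + p) for p in (b"a", b"b", b"c"))
    tcp = build_frame(b"x", proto=6)
    missing, unexpected = compare(build_pcap([g1, g2, tcp, g3]),
                                  build_pcap([g1, tcp, g3]))
    print(f"missing on transmit: {len(missing)}, unexpected: {len(unexpected)}")
```

Both lists empty means every GRE frame left the firewall unchanged; anything in `missing` is worth checking against the "drop" stage capture.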
05-01-2017 06:52 AM
Thanks. I just don't have access to the box yet, which is why I was seeing if anyone had experience with a similar issue. Once I can run some PCAPs, it will be clear. Thanks again for taking the time to help!