GRE Tunnel Interference


L2 Linker

Has anyone seen interference with GRE tunnels passing through PANFWs set up in virtualwire for passive IDS? The policies are all any, any, any etc. and there is no inspection configured. I've read NAT'ing issues may have something to do with it, but not sure why that would be required for a passive setup.

****************************************************
ACE 7.0, PCNSE7
Cyber Elite

Are you applying NAT for virtualwire traffic?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

No.

****************************************************
ACE 7.0, PCNSE7

I've never seen it cause any issues for anything like that unless it's getting logged as a threat or something like that. Especially in a virtualwire setup it really shouldn't be interfacing any of your traffic.

I agree, and I think I'll be able to prove it's not the Palo, but right now that's the only new thing in the environment so it's the obvious target for blame.

****************************************************
ACE 7.0, PCNSE7

Just run packet capture on "receive" and "transmit" states on Palo and you can verify if the packet it received on one side was sent out exactly the same.

If packets were dropped then the "drop" state will capture them.

 

https://live.paloaltonetworks.com/t5/Management-Articles/Using-Packet-Filtering-through-the-WebGUI/t...

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
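
The receive/transmit comparison suggested in the reply above, as an added example that is not part of the original thread: it reads two classic pcap byte strings (assumed here to be exports of the receive-stage and transmit-stage captures), keeps Ethernet/IPv4 frames with IP protocol 47 (GRE), and counts the frames that do not appear byte-for-byte in both. All function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

ENDIAN = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap magics

def read_pcap(data):
    """Yield each captured frame from the bytes of a classic pcap file."""
    order = ENDIAN.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack(order + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def is_gre(frame):
    """True for an Ethernet/IPv4 frame whose IP protocol is 47 (GRE)."""
    off = 12
    while frame[off:off + 2] == b"\x81\x00":    # skip 802.1Q VLAN tags
        off += 4
    return frame[off:off + 2] == b"\x08\x00" and frame[off + 11:off + 12] == b"\x2f"

def compare_stages(rx_pcap, tx_pcap):
    """Count GRE frames that do not appear byte-for-byte in both captures."""
    rx = Counter(f for f in read_pcap(rx_pcap) if is_gre(f))
    tx = Counter(f for f in read_pcap(tx_pcap) if is_gre(f))
    return {"rx_gre": sum(rx.values()), "tx_gre": sum(tx.values()),
            "rx_only": sum((rx - tx).values()),   # dropped or altered in transit
            "tx_only": sum((tx - rx).values())}   # sent in a form never received

def build_frame(proto, payload, ttl=64):
    """Constructed sample frame: Ethernet + IPv4 (checksum left at 0)."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + payload

def build_pcap(frames):
    """Constructed sample capture in little-endian classic pcap format."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

GRE_HDR = b"\x00\x00\x08\x00"                   # no flags, inner protocol IPv4
SAMPLE = [build_frame(47, GRE_HDR + b"inner-%d" % i) for i in range(3)]
RX = build_pcap(SAMPLE + [build_frame(6, b"tcp")])
TX = build_pcap([SAMPLE[0], SAMPLE[2], build_frame(6, b"tcp")])
print(compare_stages(RX, TX))
```

A non-zero `rx_only` with `tx_only` at zero points to frames missing on the transmit side; both non-zero points to frames that left in a different form than they arrived.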

Thanks. I just don't have access to the box yet, which is why I was seeing if anyone had experience with a similar issue. Once I can run some PCAPs, it will be clear. Thanks again for taking the time to help!

****************************************************
ACE 7.0, PCNSE7