I am in the process of migrating internet connections, at the moment we have a PA-500 with 3 active internet connections, traffic is routed between different connections using policy routing. This is fine for outbound traffic, however inbound does not work as the traffic attempts to return via the default gateway.
There seems to be no implementation of Reverse Path Forwarding (RPF) to return the traffic for the origin interface.
I need to know if there is a way to set this up. The problem at hand is our mail and webmail is coming in on the "eth0/1" interface which will soon be decommisioned, however during the interum (DNS propergation) we need to have both eth0/1 and eth0/3 accepting traffic for https, smtp, and smtps simaltaniously with the default route going via eth0/3.
I have attempted to try and return the traffic via PBF with no success.
My goal is:
Default Route - eth0/3
Incoming traffic on eth0/1 goes to internal network, then returns via eth0/1, NOT eth0/3
Please help before I loose all my hair
My idea was this:
1. Source NAT (And destination nat) traffic coming in on ethernet0/1. Let's say:
Original SRC packet: 18.104.22.168
Original DST packet: 22.214.171.124
NAT SRC packet: 192.168.1.1
NAT DST packet:10.1.1.1
2. Keep your default route pointing to ethernet0/3
The idea beeing the 192.168.1.1 source address will be the new source of the packet and should be routed back to the correct interface (ethernet0/1) simply because it is a connected route. No need for PBF for this traffic.
I have never tried this in a Palo box (but a similar config in a Juniper/Netscreen worked).
Let me know how it works!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!