04-28-2024 07:15 AM
Dear Palo alto family,
I face some difficulty to ping internet on DMZ , i am trying to configure a security policy DMZ_to_Public/ WAN but still i didn't ping 8.8.8.8 in DMZ switch and didn't ping in firewalls itself also.
Help me to solve this issue pls
04-28-2024 07:32 AM
Hi @Zola12 ,
I understand that there are 2 things which are trying to fix:
1. Ping is not working from DMZ to Internet
2. Ping not working when doing from DMZ Switch towards DMZ firewall interface.
To answer point 1, you need to make sure you have a proper security policy, NAT policy, Internet facing interface correct configuration.
Can you ping 8.8.8.8 from your firewall's Internet facing interface?
To answer point 2, if you need to ping the firewall interface, you need to enable ping on the interface.
Please refer to this KB - How to Allow Ping and ICMP on Layer 3 Interface of Your Palo Alto Networks Device
04-28-2024 10:15 AM
04-29-2024 11:41 PM
Setting up basic security-policy and NAT policy should not be a tough task. I do not have a lab firewall handy now to show the basic rules.
Here is a youtube video which you can refer which helps with basic network connectivity.
As only the ping does not work and rest Internet access works, check if application is added to the to the rule if app-based security policy is configured.
have you checked the traffic logs (GUI > Monitor > Traffic logs) to see if the traffic is allowed or blocked?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
