06-17-2016 01:13 PM - edited 06-20-2016 05:36 AM
Looking for input on a subnet routing issue I am having.
So, let's say for argument's sake, I have two zones, Trust and Untrust.
Interfaces
Int 1/1 - Untrust Internet 192.168.0.1
Int 1/2 - Trust 10.8.1.20
Int 1/3 - Trust 10.26.96.1
I have a virtual router (default)
Default
Destination 0.0.0.0/0
Int 1/1
Next Hop Value 69.168.XX.XX
This is where I am getting confused!
I want both (8)(9) to be able to talk to each other
Access Name
Destination 10.26.96.0/30
Int 1/3
Next Hop Value 10.26.96.1
Not working, so? Need a little help.
Thanks,
06-17-2016 01:37 PM
Could you please tell me what the addresses (and subnet masks) of the two hosts trying to communicate are, where they are connected (zones/ports) and what their default gw settings are?
By default, hosts are able to talk within the zone (intra-zone traffic) and are denied for traffic between the zones (inter-zone traffic). And one thing that seems to be not entirely correct: the default route (0.0.0.0/0) should point to an address within the e1/3 range (basically the gateway for that interface), because the firewall does not know how to reach that 69.168.242.65 at the moment.
06-20-2016 05:36 AM - edited 06-20-2016 05:36 AM
Zone is trusted
Int 2 - 10.8.1.20 Interface IP (255.255.255.0)
Int 3 - 10.26.96.1 Interface IP (255.255.255.0)
I am using the int address(e)s as each of their own Default Gateways. I am then using a generic route rule 0.0.0.0/0 to route traffic to the Int1/1 interface for internet.
06-20-2016 05:55 AM - edited 06-20-2016 06:03 AM
Hi,
These are networks directly connected to the Palo, so they should be talking to each other without any additional static routes or routing. Please confirm you can ping your subinterfaces and make sure that the policy is in place and the correct traffic is permitted.
Thanks,
06-20-2016 06:15 AM
Yes, I tend to agree with Transporter, although the description is still kind of blurry.
Basically check everything step by step:
06-28-2016 02:41 PM
Yeah, can you provide a bit more detail? What is (8) and (9)?
Please provide:
Source and destination subnets you want to talk, and the zones and interfaces associated with each IP subnet.
Gateway address of clients in each source and destination subnet
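
An added example, not part of the original thread: a Python sketch of the checks the replies above describe, run over the interfaces and static routes posted in the thread. The /24 mask on Int 1/1, the 203.0.113.1 next hop (a placeholder for the elided 69.168.XX.XX) and the two host addresses are assumptions.

```python
import ipaddress

# Interfaces from the thread. The /24 on Int 1/1 is an assumption; the thread
# gives masks only for the two Trust interfaces.
INTERFACES = {
    "Int 1/1": ("Untrust", ipaddress.ip_interface("192.168.0.1/24")),
    "Int 1/2": ("Trust", ipaddress.ip_interface("10.8.1.20/24")),
    "Int 1/3": ("Trust", ipaddress.ip_interface("10.26.96.1/24")),
}
# Static routes from the thread: (name, destination, egress interface, next hop).
# 203.0.113.1 is a constructed placeholder for the elided next hop.
STATIC_ROUTES = [
    ("Default", "0.0.0.0/0", "Int 1/1", "203.0.113.1"),
    ("Access Name", "10.26.96.0/30", "Int 1/3", "10.26.96.1"),
]

def connected_route(host):
    """Interface whose connected subnet contains host (longest prefix), else None."""
    addr = ipaddress.ip_address(host)
    hits = [(i.network.prefixlen, name)
            for name, (_, i) in INTERFACES.items() if addr in i.network]
    return max(hits)[1] if hits else None

def audit_route(name, dest, egress, next_hop):
    """Return a list of problems with one static route."""
    findings = []
    dest_net = ipaddress.ip_network(dest)
    hop = ipaddress.ip_address(next_hop)
    if hop in {i.ip for _, i in INTERFACES.values()}:
        findings.append("next hop is the firewall's own interface address")
    if hop not in INTERFACES[egress][1].network:
        findings.append("next hop is not on the egress interface's subnet")
    for if_name, (_, i) in INTERFACES.items():
        if dest_net.subnet_of(i.network):
            findings.append(f"destination already covered by connected route on {if_name}")
    return findings

def path(src, dst):
    """Ingress/egress interfaces for a flow and whether it stays inside one zone."""
    ingress, egress = connected_route(src), connected_route(dst)
    if ingress is None or egress is None:
        return None  # at least one side needs a static or default route
    same = INTERFACES[ingress][0] == INTERFACES[egress][0]
    return ingress, egress, "intrazone" if same else "interzone"

if __name__ == "__main__":
    for route in STATIC_ROUTES:
        print(route[0], audit_route(*route))
    print(path("10.8.1.50", "10.26.96.50"))  # constructed host addresses
```

An "intrazone" result with both sides resolved by connected routes means no static route is involved, which leaves the host gateway settings and the security policy as the things to verify.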