HTTPS Traffic Not Returning Via IPSec Tunnels


L1 Bithead

I have a customer who is using PAN appliances and we have a valid IPSec tunnel to a cloud provider. Traffic is fine for SSH and ICMP traffic in both directions. However, when we send HTTPS traffic across the tunnel the firewall logs suggest no bytes received and nothing past the SYN going out (we see no ACK etc.). From the client perspective it results in a timeout obviously.

 

To troubleshoot, we set up another IPSec tunnel from another cloud network to confirm that the remote side of the tunnel was not preventing return traffic, down to using the same subnets etc., with no changes made to the remote side.

 

Seems to me that means there has to be a configuration issue of some sort on the PAN side. Any advice as to what I could check?

Accepted Solutions

L1 Bithead

We worked with an engineer today, and again, I don't know anything about PAN software, but we had to set up the Proxy IDs. Once we set up Proxy IDs for the remote side, everything started working.

2 REPLIES 2

L1 Bithead

Maybe one additional relevant piece of information is that the HTTPS traffic is ultimately a public IP address. So the intent is that a specific CIDR goes across the tunnel and is then routed to the appropriate service on the remote side, but returns back through the tunnel.

 

Again, we have verified the remote side works as intended via a cloud to cloud VPN connection.
