This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

Internal traffic is hitting in the isp firewall

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Internal traffic is hitting in the isp firewall

Javith_Ali
L2 Linker

‎06-05-2017 12:26 AM

Palo alto is perimeter to customer which is connected to isp firewall.

Internal subnet traffics which are not allowed in isp/ untrust interface are hitted in isp firewall.
Routing is proper. ARP is proper in isp interface( only next hop arp is there)

Implicit deny policy blocking the interzone traffic trust to untrust.

We don't have any clue how our internal private ip address communication is going to ISP firewall.

There is no allowed security policyfor reported internal ip's and routing is proper.
0 Likes Likes
17 REPLIES 17

TranceforLife
L6 Presenter

‎06-05-2017 01:04 AM

Do you have logs showing the same? Do you know if the course of the traffic is the client(s) ip addresses or actually firewall itself?

0 Likes Likes

Javith_Ali
L2 Linker
In response to TranceforLife

‎06-05-2017 01:25 AM

Thanks for reply.

 

there is no logs showing for the same(means internal to Untrust).

 

However i can see the logs for the same reported IP's from trust to DMZ subnet (it is taking the actual route configured in VR).

 

we are getting the report from ISP on Weekly basis. ISP is sharing the different IP's (on weekly basis) but same source subnet (trust) and destination subnet (DMZ).

 

These IP's are not configured in firewall. client IP's only. Please suggest

 

 

0 Likes Likes

Javith_Ali
L2 Linker

‎06-05-2017 01:31 AM

 

we have tried to configure the pcaps filter from trust to untrust subnet   (which should not be allowed and routing also not there).

 

But we can filter using ingress interface only. There is no option for egress in pcaps.

 

So we dont want to configure above filter for reported subnets as this will capture whole legitimate traffics  going to DMZ as well.

 

 

0 Likes Likes

TranceforLife
L6 Presenter
In response to Javith_Ali

‎06-05-2017 01:32 AM

Ok. Do you have log enable on the policies so you can confirm if that traffic is actually traversing the firewall and not taking the "alternative" route? Logs will be generated as soon as the traffic is passing the firewall. Logs will not be generated if the traffic is not passing the firewall or for the traffic generated by firewall itself.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks