For details on cookie usage on our site, read our Privacy Policy
intra-interface (packets enter and exit same interface) ?
- LIVEcommunity
- Discussions
- General Topics
- Re: intra-interface (packets enter and exit same interface) ?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-09-2017 04:57 AM
This is a problem for other vendors (and something must be enabled/configured to allow this to occur).
Have not tried this in PANOS, but wondering if this just works or is it a similar scenario where you must enable something in PANOS ?
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-09-2017 06:08 AM - edited 01-09-2017 06:09 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-09-2017 07:59 AM - edited 01-09-2017 07:59 AM
TranceforLife wrote:
Hi,
If you are running PAN-OS 6.1 or above intrazone traffic permitted by default with intrazone-defult policy.
If you are running lower then 6.1 PAN-OS you ahve to create a policy to allow same zone traffic:
Thx,
Myky
that's incorrect, intrazone traffic has always been allowed. PAN-OS 6.1 just made the policies visible 🙂
Depending on what you're trying to accomplish, you may need U-turn NAT to force returning packets back to the firewall interface so sessions process both directions of the flow: How to Configure U-Turn NAT
other than that there's no restrictions in bouncing traffic back out of the same interface
PANgurus - SASE and Strata specialist; (co)managed services, VAR and consultancy
- Mark as New
- Subscribe to RSS Feed
- Permalink
01-09-2017 03:34 PM
- Global Protect Virtual adapter not installed on ARM64 win 11 device in GlobalProtect Discussions
- IKE phase 1 not working in General Topics
- dhcp on L3 or Vlan interface in General Topics
- Slow webpage Load times in VM-Series in the Public Cloud
- After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on interf in Next-Generation Firewall Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
