Is it possible ! How to get internet from dhcp client with vlan

cancel
Showing results for 
Search instead for 
Did you mean: 

Is it possible ! How to get internet from dhcp client with vlan

L1 Bithead

Hello Friends !

 

I am new to palo alto network ,i starting to understand and learn palo alto network firewall some time back .

I have setup a firewall panos 9.04 on ubuntu with kvm using bridge connection and  vlan  ( i want to setup a passthroguth but due to iommu group i am fail to do so)

my isp (with rj 45) is providing me dhcp address  with vlan i am able to get/reslove ip address .

my problem is how to setup snat or/and virtual route

7 REPLIES 7

L7 Applicator

if your interface is DHCP client, you can set up a SNAT rule bound to the interface without defining the IP

2021-04-20_13-50-21.png

 

the virtual router automatically learns the default route if you enable the interface to accept it

2021-04-20_13-52-26.png

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

Thanks !

I did this part but i am not able to get internet in session browser  i can see lot of traffic with dns only .

Screenshot from 2021-04-20 16-09-56.pngScreenshot_2021-04-20 PA-VM(1).pngScreenshot_2021-04-20 PA-VM.png

@shrikant,

Take DNS out of the equation and try running a simple ICMP request to an IP that you know to accept ICMP traffic (9.9.9.9, 8.8.8.8, ect) and see if you get a response. You likely won't; your logs don't see a session_end_reason, but I imagine that the traffic is aging out. Verify that you have your routes setup correctly. 

@reaper  @BPry  Thanks .To be very honest there was no problem or may be some issuse 

 

The problem was my isp throw login page to get start and that was not coming i dont know after running dhcp with inherited fix then problem ? i was using opendns

 

Sorry ,this is my 1st setup i have many question then answers so very very honestly i dont know what was problem hope you understand

i was using astaro firewall about 8-10 years back(after sophos took over stop selling ) ,i am small reseller but now i had 2-3 inquiry about paloalto firewall so i want to start using firewall (some years back i talk to palo alto network people in india that time they told me that they was just focus on large network so i drop idea learning palo alto but now i have inquiry form very old customer who want to shift )

i have to go long way in learning .don't have proper lic even (download panos  from youtube link   )

Edit : but i have many issues /question  with setup why and how i am able to browse internet on host ( firewall and host on same subnet )

Thanks you !

shrikant

Hi @shrikant,

I would strongly suggest you to start using Home : Beacon (paloaltonetworks.com) 

There are tones of studing materials and most of them are free to access.

 

If you run virtual firewall without license you will not be able to use any of the "deep inspection" features (like IPS, AV, etc) and also the number of concurrent connections is limited. You wouldn't see any log enrty again because you don't have license. But for complete beginner as you will be still great, because you can poke with everything and test the basic stuff like routing, nat and basic layer4 rules (you may even run remote access vpn).

 

Register to the Beacon and without virtual FW beside you I believe most of your questions will be answered.

Thanks for information !

 

Will explore it.

Thank you !

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!