- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
Is it possible ! How to get internet from dhcp client with vlan
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Is it possible ! How to get internet from dhcp client with vlan
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Is it possible ! How to get internet from dhcp client with vlan
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-20-2021 04:33 AM
Hello Friends !
I am new to palo alto network ,i starting to understand and learn palo alto network firewall some time back .
I have setup a firewall panos 9.04 on ubuntu with kvm using bridge connection and vlan ( i want to setup a passthroguth but due to iommu group i am fail to do so)
my isp (with rj 45) is providing me dhcp address with vlan i am able to get/reslove ip address .
my problem is how to setup snat or/and virtual route
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-20-2021 04:53 AM
if your interface is DHCP client, you can set up a SNAT rule bound to the interface without defining the IP
the virtual router automatically learns the default route if you enable the interface to accept it
PANgurus
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-20-2021 05:28 AM
Thanks !
I did this part but i am not able to get internet in session browser i can see lot of traffic with dns only .
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-20-2021 06:17 AM
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-20-2021 09:14 AM
Take DNS out of the equation and try running a simple ICMP request to an IP that you know to accept ICMP traffic (9.9.9.9, 8.8.8.8, ect) and see if you get a response. You likely won't; your logs don't see a session_end_reason, but I imagine that the traffic is aging out. Verify that you have your routes setup correctly.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-20-2021 11:07 AM - edited 04-20-2021 11:28 AM
@reaper @BPry Thanks .To be very honest there was no problem or may be some issuse
The problem was my isp throw login page to get start and that was not coming i dont know after running dhcp with inherited fix then problem ? i was using opendns
Sorry ,this is my 1st setup i have many question then answers so very very honestly i dont know what was problem hope you understand
i was using astaro firewall about 8-10 years back(after sophos took over stop selling ) ,i am small reseller but now i had 2-3 inquiry about paloalto firewall so i want to start using firewall (some years back i talk to palo alto network people in india that time they told me that they was just focus on large network so i drop idea learning palo alto but now i have inquiry form very old customer who want to shift )
i have to go long way in learning .don't have proper lic even 🙂 (download panos from youtube link 🙂 )
Edit : but i have many issues /question with setup 🙂 why and how i am able to browse internet on host ( firewall and host on same subnet )
Thanks you !
shrikant
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-21-2021 04:42 AM
Hi @shrikant,
I would strongly suggest you to start using Home : Beacon (paloaltonetworks.com)
There are tones of studing materials and most of them are free to access.
If you run virtual firewall without license you will not be able to use any of the "deep inspection" features (like IPS, AV, etc) and also the number of concurrent connections is limited. You wouldn't see any log enrty again because you don't have license. But for complete beginner as you will be still great, because you can poke with everything and test the basic stuff like routing, nat and basic layer4 rules (you may even run remote access vpn).
Register to the Beacon and without virtual FW beside you I believe most of your questions will be answered.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
04-21-2021 05:48 AM
Thanks for information !
Will explore it.
Thank you !
- SSL Decryption bug in PAN-OS 9.1.14 in General Topics
- GP on Windows 11 - client certificate issue in General Topics
- Issue passing traffic with Global Protect client 5.2.9 or later in GlobalProtect Discussions
- Memory Corruption Exploit in Threat & Vulnerability Discussions
- Vpnc client region null in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
