Hello Friends !
I am new to palo alto network ,i starting to understand and learn palo alto network firewall some time back .
I have setup a firewall panos 9.04 on ubuntu with kvm using bridge connection and vlan ( i want to setup a passthroguth but due to iommu group i am fail to do so)
my isp (with rj 45) is providing me dhcp address with vlan i am able to get/reslove ip address .
my problem is how to setup snat or/and virtual route
Take DNS out of the equation and try running a simple ICMP request to an IP that you know to accept ICMP traffic (18.104.22.168, 22.214.171.124, ect) and see if you get a response. You likely won't; your logs don't see a session_end_reason, but I imagine that the traffic is aging out. Verify that you have your routes setup correctly.
The problem was my isp throw login page to get start and that was not coming i dont know after running dhcp with inherited fix then problem ? i was using opendns
Sorry ,this is my 1st setup i have many question then answers so very very honestly i dont know what was problem hope you understand
i was using astaro firewall about 8-10 years back(after sophos took over stop selling ) ,i am small reseller but now i had 2-3 inquiry about paloalto firewall so i want to start using firewall (some years back i talk to palo alto network people in india that time they told me that they was just focus on large network so i drop idea learning palo alto but now i have inquiry form very old customer who want to shift )
i have to go long way in learning .don't have proper lic even
Edit : but i have many issues /question with setup
Thanks you !
I would strongly suggest you to start using Home : Beacon (paloaltonetworks.com)
There are tones of studing materials and most of them are free to access.
If you run virtual firewall without license you will not be able to use any of the "deep inspection" features (like IPS, AV, etc) and also the number of concurrent connections is limited. You wouldn't see any log enrty again because you don't have license. But for complete beginner as you will be still great, because you can poke with everything and test the basic stuff like routing, nat and basic layer4 rules (you may even run remote access vpn).
Register to the Beacon and without virtual FW beside you I believe most of your questions will be answered.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!