- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Is it possible ! How to get internet from dhcp client with vlan
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Is it possible ! How to get internet from dhcp client with vlan
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
Hello Friends !
I am new to palo alto network ,i starting to understand and learn palo alto network firewall some time back .
I have setup a firewall panos 9.04 on ubuntu with kvm using bridge connection and vlan ( i want to setup a passthroguth but due to iommu group i am fail to do so)
my isp (with rj 45) is providing me dhcp address with vlan i am able to get/reslove ip address .
my problem is how to setup snat or/and virtual route
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
if your interface is DHCP client, you can set up a SNAT rule bound to the interface without defining the IP
the virtual router automatically learns the default route if you enable the interface to accept it
Like my answer? check out my book! https://bit.ly/MasteringPAN
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
Thanks !
I did this part but i am not able to get internet in session browser i can see lot of traffic with dns only .
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
Take DNS out of the equation and try running a simple ICMP request to an IP that you know to accept ICMP traffic (9.9.9.9, 8.8.8.8, ect) and see if you get a response. You likely won't; your logs don't see a session_end_reason, but I imagine that the traffic is aging out. Verify that you have your routes setup correctly.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago - last edited 3 weeks ago
@reaper @BPry Thanks .To be very honest there was no problem or may be some issuse
The problem was my isp throw login page to get start and that was not coming i dont know after running dhcp with inherited fix then problem ? i was using opendns
Sorry ,this is my 1st setup i have many question then answers so very very honestly i dont know what was problem hope you understand
i was using astaro firewall about 8-10 years back(after sophos took over stop selling ) ,i am small reseller but now i had 2-3 inquiry about paloalto firewall so i want to start using firewall (some years back i talk to palo alto network people in india that time they told me that they was just focus on large network so i drop idea learning palo alto but now i have inquiry form very old customer who want to shift )
i have to go long way in learning .don't have proper lic even
Edit : but i have many issues /question with setup
Thanks you !
shrikant
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
Hi @shrikant,
I would strongly suggest you to start using Home : Beacon (paloaltonetworks.com)
There are tones of studing materials and most of them are free to access.
If you run virtual firewall without license you will not be able to use any of the "deep inspection" features (like IPS, AV, etc) and also the number of concurrent connections is limited. You wouldn't see any log enrty again because you don't have license. But for complete beginner as you will be still great, because you can poke with everything and test the basic stuff like routing, nat and basic layer4 rules (you may even run remote access vpn).
Register to the Beacon and without virtual FW beside you I believe most of your questions will be answered.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
3 weeks ago
Thanks for information !
Will explore it.
Thank you !
- When a user is connected using Global Protect VPN and try login into the adobe acrobat pro-DC application, GP VPN kick out from the adobe program. in GlobalProtect Discussions
- GlobalProtect deletes local default route upon disconnect in GlobalProtect Discussions
- AZURE ILB healthcheck Fails because of MS Public IP (168.63.129.16) in VM-Series in the Public Cloud
- Finally have pre-login working - but now in General Topics
- GP client upgrade issues fails in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
