01-25-2023 09:56 AM
I am in the process of migrating from a PA-220 OS 10.1 to a PA-440 OS 10.1.3. I imported the configuration from the PA-220 to the PA-440 and ran into three issues:
1. We are getting 1 gig from the ISP, and even with QoS disabled we are only getting 150 Mbps
2. We have a Toshiba phone system, not IP. Everything works except when calling location B across the IPsec tunnel: the call goes through and we can hear them talk, but they cannot hear us, and I have already disabled ALG
3. We were able to access the internal camera system remotely and now we can't
Compared config and they match, scratching my head.
01-25-2023 08:02 PM
1. We are getting 1 gig from the ISP, and even with QoS disabled we are only getting 150 Mbps
Have you verified counters? If you've been testing without security profiles applied, speed/duplex have been verified, and you have QoS disabled, the 450 shouldn't have any issues with that. The only other thing that I've seen cause similar issues (to a far lesser extent) is when the firewall is behind another device performing a double NAT.
2. We have a Toshiba phone system, not IP. Everything works except when calling location B across the IPsec tunnel: the call goes through and we can hear them talk, but they cannot hear us, and I have already disabled ALG
You've verified that you don't have any traffic between location B and your primary location being denied? Either to the phone system itself or to the other phone if media bypass is enabled on the phone system for internal calls?
3. We were able to access the internal camera system remotely and now we can't
How were you able to access it before, directly to the IP/FQDN or by using GlobalProtect? Combined with your first question, did you also upgrade your internet when you swapped to the PA-450? Is it possible that you replaced some ISP gear that wasn't put into passthrough mode and is performing its own NAT? This would explain the broken camera system access if you were accessing it directly by IP/FQDN.
01-26-2023 06:05 AM - edited 01-31-2023 07:35 AM
Have you verified counters? - Which counters are you referring to? The ISP tested and said there was 1 gig coming to the modem.
If you've been testing without security profiles applied - no, I have profiles,
speed/duplex have been verified - you mean of the PCs and switch the PCs are on?,
and you have QoS disabled - yes, and the speed went from 50 to 150
The only other thing that I've seen cause similar issues (to a far lesser extent) is when the firewall is behind another device performing a double NAT. - Not sure how to check that. All I have is it NATed to the external IP, and the next hop in the VR is the modem
You've verified that you don't have any traffic between location B and your primary location being denied? - Yes, the configuration is exactly the same as on the PA-220 that I migrated from; I imported it directly to the 440. This is not VoIP; they do not have IP phones. It is going from the PBX IP on our side to an IP address of the PBX on the remote site across an IPsec tunnel.
How were you able to access it before, directly to the IP/FQDN or by using GlobalProtect? - Direct by the external IP address, no gpvpn. The internet speed was upgraded quite a while ago, but they were limited by the PA-220; that is why we are upgrading them to the PA-440
Is it possible that you replaced some ISP gear that wasn't put into passthrough mode and is performing its own NAT; this would explain the broken camera system access if you were accessing it directly by IP/FQDN. - The ISP came and checked it out, and the only thing they said was that the traffic was being shaped. I am sure they meant we were doing it