Had a very odd issue yesterday,
I created two new Bi-Directional nat rules [seperate NAT IP's] to the outside world, one worked fine the other did not...
One server could not get to the outside world..
The NAT matched [OK],
The Security Rule Matched [OK],
Searched the configs [and old ones] for any possible clash with the NAT IP "X.X.X.115", Nothing.....
I could see some traffic had started hitting that external address, but stopped.
Nothing in session browser.
On a hunch I changed the NAT IP "X.X.X.117" And eveything now works..
Can't fathom what possibly could have been wrong as routing must be fine, and the previous address was not blocked by security or used elsewhere...
I may swap it back and have a play.
You know that moment when something dawns on you that should be bleeding obvious!!!
Pinging the external IP got a solid response.
Traceroute got same results to 115 and 117.
Packet capture shows nothing.
What on earth could be resp......Oh wait.
The clue should have been in the Source of the traffic shown briefly yesterday. It was from our SIP telco provider that used to be on the firewall [although on a different IP]
Someone [ME] Moved this SIP service back in August to a different device as the Palo kept locking up the SIP/RTP session after a few weeks...... That other device has the IP address..
Looking in the system log of the PA, I found "Received Conflicting ARP on interface...... Duplicating IP...."
So mystery solved, no interruption to the Phone service fortunatly..
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!