I am facing an issue where I setup my PA-850 as a transparent mode (virtual wire) and set the policy as default to allow all the traffic. Connection of my PA-850 is in between router and core switch. I can see all the traffic is passthrough the PA-850 without any issue however, some of the user from other branch connect through Anyconnect VPN of their branch ASA firewall unable to reach to my internal server due to my PA-850. I try to filter in monitor tab and check the source or destination ip address of the branch ASA firewall and nothing is showing. Temporary solution is to set my router directly connect to the core switch (bypass PA-850) and then user that connect through Anyconnect VPN able to reach my internal server. any idea what is the reason for this ?
if you set your policy as default, you will be silently (no log) dropping connections that are not being allowed
you can resolve that by setting a drop rule at the end of your policy that logs all denied vonnections, or override and edit the default rule to log-at-end
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!