This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PBF policy not working.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PBF policy not working.

debsPal0
Not applicable

‎06-14-2011 07:52 AM

Hi,

I have packets that arrive on interface eth1/10 that I need to be forwarded back out of eth1/10 with a next hop address of another router on that subnet. I have created a pbf rule that I hope would achieve this however it is currently not working. It looks like the following :

==========================================================

Interface eth1/10 IP : 3.3.3.1

Interface eth1/10 Zone : dummy-zone1

Source Zone : dummy-zone1

Source Address : any

User : any

Destination Address : [*NEGATE* : 1.1.1.1] (so I would like the pbr rule to apply to all traffic that does not match the configured address i.e.2.2.2.2)

Application : any

Service : any

Action : forward

Forwarding Egress I/F : eth1/10

Next Hop : 3.3.3.2

No Monitoring

==========================================================

Unfortuanly I am not currently familiar enough with PA to run any extensive debugging. Also, is it possible to apply a pbr policy with an egress interface being the same as the source interface?

I have substituted the real IP addressing with dummy addressing in the example above.

Any comments or suggestions would be appreciated, this is my first post so be gentle 🙂

Regards,

James.

0 Likes Likes
1 REPLY 1

skrall
L4 Transporter

‎06-15-2011 12:24 PM

There is no way to specify traffic that came in on Eth1/10 needs to go out on Eth1/10. PBF is based on  zones, IPs, App and Service. If the traffic on on Eth1/10 all comes from a small set of networks, you can just add static routes to direct traffic back out the same interface.

PBFis used to defeat or override the routing table. If this is a 2 ISP scenario and traffic that comes in from ISP1 interface should go out the ISP1 interface you might try usng NAT to manipulate the source IP but this gets complicated quickly. You probably need to test this and open a support call if you get stuck.

Steve Krall

  • 2078 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks