Hello - Just recently migrated from an old Checkpoint to a PA-500. The PA is set up in a Layer 3 configuration. So far so good, with the exception of one thing: my remote location isn't able to get internet access. This remote location gets internet from my head end location, as they do not have their own internet circuit. Everything for internal access works perfectly. This was working with the previous Checkpoint, so it isn't a routing issue at the remote location. If I do a tracert from that remote location, the trace stops at the trusted interface of the PA.
I have an outbound rule in place from Trust to Untrust and any application, but this is obviously not covering it for this remote location.
Any advice? I feel like I'm missing something really, really simple here.
Thanks in advance!
Is it possible for you to set up a simple drawing of how everything is connected?
As a debug step (if possible), you could set up a rule at the top in the PA which says:
From zone: Any
From address: Any
From user: Any
To zone: Any
To address: Any
Options: Log on session start + Log on session end
The above would allow anything back and forth through your PA. The idea is that if the above doesn't work, then you have a malfunction regarding routing OR NATing in your PA box - or something bad going on at your remote site.
So I would verify that the routing is correct at the PA box (so the PA box knows which interface to use to reach your remote site) but also verify that the NAT rules (if any) are correctly set up.