I have a bizarre situation and I'm wondering if anyone has seen it before. We are currently using a pair of 5050s in Active/Passive. They are configured with a very simple OSPF instance and have their default route injected via that OSPF instance. They are each connected via a single link to our ISP, let's call those interfaces on the ISP's end 10.10.20.89 and 10.10.20.91 for the sake of discussion. The two ISP switches we connect to share a L2 link between them, so that no matter which one is hot from the ISP's perspective, our traffic will flow to either 89 or 91, and then either directly out the interface facing the ISP or across the L2 link to the other switch and out that device to the ISP. Hopefully that makes sense.
Currently, some traffic simply isn't reaching us. Our ISP shows it traversing their network, but we never see traffic arrive at the external interface of the active firewall. Are we doing something unsupported or do I need to poke my ISP about a routing issue on their end?
1-which kind of traffic is not seen on the external interface of the firewall ?
2-do you use VLANs on the external side of your firewall ?
3-which PAN-OS-version do you use ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!