Simple FW Setup


L0 Member

I have a PA-200 that I'm trying to set up in a simple lab environment. Eth1 is configured as a layer 3 interface with a public IP on it and Eth2 is configured as a layer 3 interface with an internal IP address on it. Eth2 is configured to hand out DHCP requests to internal clients, which happens successfully, and the internal clients can also ping their default gateway, which is the IP on interface Eth2. Also, while connecting to the PA-200 via SSH, I am able to successfully ping internet hosts; however, the internal hosts cannot access the external hosts. I have the NAT set up properly as well as the access rules. The weird part about all of this is that connectivity to the internet works for approximately 10-15 seconds after a reboot of the PA-200. This is happening on two separate boxes, so I do not believe it is a hardware issue. I guess my question is: has anyone seen this before, or does anyone have any configuration ideas to correct this?

Accepted Solutions

L0 Member

This issue came down to duplicating the public IP address. We have a block of static IP addresses...when I reboot the FW, communication works for approximately 10-15 seconds until the router figures out another device already has that IP. There were not any logs on the PA-200 that indicated this...I just tried to use another IP in our net block. Thank you all for your suggestions.

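The symptom in the accepted answer (traffic works for 10-15 seconds, then stops, with nothing in the firewall logs) is consistent with two devices answering ARP for the same address. As an added example, not part of the original thread, this Python check reads tcpdump-style ARP output captured on the outside segment and reports any IP answered from more than one MAC. The sample capture, the addresses and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: tcpdump-style ARP lines as seen on the outside segment.
# IPs and MACs come from documentation ranges; they are not from the thread.
SAMPLE_CAPTURE = """\
12:00:01.100000 ARP, Request who-has 203.0.113.10 tell 203.0.113.1, length 46
12:00:01.100420 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:0a, length 46
12:00:09.730115 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:7f, length 46
12:00:12.000310 ARP, Reply 203.0.113.11 is-at 00:00:5e:00:53:0b, length 46
12:00:15.500000 ARP, Reply 203.0.113.11 is-at 00:00:5E:00:53:0B, length 46
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
)


def find_ip_conflicts(capture_text):
    """Return {ip: [(first_seen_ts, mac), ...]} for IPs answered by >1 MAC."""
    claims = defaultdict(dict)  # ip -> {mac: timestamp of first reply}
    for line in capture_text.splitlines():
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue  # requests and non-ARP lines are skipped in this check
        mac = m["mac"].lower()  # normalise case so one NIC is not counted twice
        claims[m["ip"]].setdefault(mac, m["ts"])
    return {
        ip: sorted((ts, mac) for mac, ts in macs.items())
        for ip, macs in claims.items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, owners in find_ip_conflicts(SAMPLE_CAPTURE).items():
        print(f"{ip} is claimed by {len(owners)} devices:")
        for ts, mac in owners:
            print(f"  first seen {ts}  {mac}")
```

Running the same check against a capture taken before assigning a static address from a shared block shows whether another device already answers for it.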

6 REPLIES

L7 Applicator

Could you please share/upload your firewall config in an XML file, so that I can test it on my PA-200 FW and let you know what corrective action should be taken?

Thanks

L6 Presenter

Is your internal network flat and all devices are pointing to the PA-200 as their default gateway?  If so, how many hosts are on your network as the total count may exceed the ARP table on the PA-200.  Thanks.

L4 Transporter

Hello

What have you configured as the default gateway for internet access?

Could your public IP ping this default gateway?

Regards

L7 Applicator

The issue will be with either the security policy or the nat policy.

On the monitor tab have a look at both security and nat logs after the attempts to reach the internet from the internal hosts.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center


jl5678 can you mark this question as answered?
