01-23-2014 07:48 AM
I have a PA-200 that I'm trying to set up in a simple lab environment. Eth1 is configured as a layer 3 interface with a public IP on it and Eth2 is configured as a layer 3 interface with an internal IP address on it. Eth2 is configured to hand out DHCP requests to internal clients, which happens successfully, and the internal clients can also ping their default gateway, which is the IP on interface Eth2. Also, while connecting to the PA-200 via SSH, I am able to successfully ping internet hosts; however, the internal hosts cannot access the external hosts. I have the NAT set up properly as well as the access rules. The weird part about all of this is that connectivity to the internet works for approximately 10-15 seconds after a reboot of the PA-200. This is happening on two separate boxes, so I do not believe it is a hardware issue. I guess my question is: has anyone seen this before, or does anyone have any configuration ideas to correct this?
01-23-2014 09:57 AM
Could you please share/upload your firewall config as an XML file, so that I can test it on my PA-200 FW and let you know what corrective action should be taken?
Thanks
01-27-2014 10:28 AM
Is your internal network flat and all devices are pointing to the PA-200 as their default gateway? If so, how many hosts are on your network as the total count may exceed the ARP table on the PA-200. Thanks.
01-27-2014 02:40 PM
Hello,
What have you configured as the default gateway for internet access?
Could your public IP ping this default gateway?
Regards
01-27-2014 05:26 PM
The issue will be with either the security policy or the nat policy.
On the monitor tab have a look at both security and nat logs after the attempts to reach the internet from the internal hosts.
02-26-2014 01:18 PM
This issue came down to duplicating the public IP address. We have a block of static IP addresses...when I reboot the FW, communication works for approximately 10-15 seconds until the router figures out another device already has that IP. There were not any logs on the PA-200 that indicated this...I just tried to use another IP in our net block. Thank you all for your suggestions.
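The duplicate-address condition described in the post above leaves no trace in the firewall logs, but it is visible in ARP traffic on the outside segment. The following is an added example, not part of the original thread: it scans ARP replies in the text format printed by `tcpdump -n arp` and reports any IP claimed by more than one MAC address. The capture lines, addresses and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample capture (documentation IP and MAC ranges, not values
# from the thread). The firewall and another device both answer for .10.
SAMPLE_CAPTURE = """\
10:00:01.100000 ARP, Reply 203.0.113.1 is-at 00:00:5e:00:53:01, length 46
10:00:02.200000 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:aa, length 46
10:00:14.900000 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:bb, length 46
10:00:15.300000 ARP, Reply 203.0.113.10 is-at 00:00:5e:00:53:AA, length 46
10:00:16.000000 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 46
10:00:20.000000 ARP, Reply 203.0.113.1 is-at 00:00:5e:00:53:01, length 46
"""

# Matches the "Reply <ip> is-at <mac>" part of a tcpdump ARP line.
REPLY_RE = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)


def find_ip_conflicts(capture_text):
    """Return {ip: {"macs": [...], "flaps": n}} for IPs claimed by >1 MAC.

    "flaps" counts how often the answering MAC changed between consecutive
    replies, which is what makes an upstream router's ARP entry move.
    """
    macs_seen = defaultdict(list)  # ip -> MACs in order of first appearance
    last_mac = {}                  # ip -> MAC of the most recent reply
    flaps = defaultdict(int)
    for line in capture_text.splitlines():
        match = REPLY_RE.search(line)
        if not match:
            continue  # requests and non-ARP lines carry no ownership claim
        ip, mac = match.group(1), match.group(2).lower()
        if mac not in macs_seen[ip]:
            macs_seen[ip].append(mac)
        if ip in last_mac and last_mac[ip] != mac:
            flaps[ip] += 1
        last_mac[ip] = mac
    return {
        ip: {"macs": macs, "flaps": flaps[ip]}
        for ip, macs in macs_seen.items()
        if len(macs) > 1
    }


if __name__ == "__main__":
    for ip, info in find_ip_conflicts(SAMPLE_CAPTURE).items():
        print(f"{ip} claimed by {', '.join(info['macs'])} ({info['flaps']} changes)")
```
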
02-27-2014 07:08 AM
jl5678 can you mark this question as answered?