10-17-2016 06:20 AM
the voice traffic blocked when i use virtual wire it said insufficant data
when i remove palo alto from the traffic everything goes fine
10-17-2016 08:31 AM
Hi,
Does your voice traffic use 802.1Q VLAN tags? If so then you will need to implement subinterfaces to handle this traffic, even in vwire deployment.
https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/networking/virtual-wire-deployments
hope this helps,
Ben
10-18-2016 04:24 AM - edited 10-18-2016 04:28 AM
in case of the vlan tags you wouldn't necessarily need to create subinterfaces, enabling vln tags in the vwire should be enough
also: did this issue start occurring immediately after introducing the vwire and did you wait long enough for it to correct itself?
when introducing a vwire, any existing sessions will be blocked as there was never a handshake seen by the firewall and so no session was created to allow the traffic to pass through. eventually all sessions should gracefully reestablish but some applications may take a long time to 'autocorrect'
you could try disabling non-syn drop mechanism for a while:
> set session tcp-reject-non-syn no
dont leave this setting disabled for too long, just long enough for sessions to reestablish and you are satisfied everything works, then turn it back on again
> set session tcp-reject-non-syn yes
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
