Help me to fix this issue / possible solution

L1 Bithead

I am going to configure a Palo Alto 5250 firewall to a branch Huawei router.

The devices are not physically connected. I tried to do a static route from the Palo Alto to the Huawei router, but the network is not reachable.

Kindly support me on how to fix this type of issue.

Also, kindly suggest a new solution for this type of network scenario.


5 REPLIES

L4 Transporter

Hi there,

You have one of two options: either source-NAT the traffic leaving the PA and have the Huawei hold a corresponding static-NAT at the destination, and have it travel 'in the clear' across the telecom network. Or, create a Layer3 IPSec tunnel between the PA and Huawei and route directly between them.

Using the tunnel would be the preferred option as it will protect your traffic flows from snooping and interception. It will also allow you to configure a dynamic routing protocol between the two sites to share prefixes.

This option is the most scalable as the dynamic routing will handle increases in target IPs and not require additional static-NAT configuration.

 

Whichever solution you choose, you will need to configure a security policy on both the PA and Huawei to let the traffic flow into the sites.

 

cheers,

Seb.

What type of interface is used to do source-NAT on the PA side, a sub-interface? And also on the Huawei router side, since there is no physical connection?

Hi there,

By its design source-NAT must be configured on a layer3 interface: physical, physical sub-interface, VLAN.

 

cheers,

Seb.

Dear Friend

Still not solved. Ping from the firewall to the remote router is working, but ping from the remote router to the firewall is still not working. Also, I can't ping 8.8.8.8 from the Palo Alto; maybe the issue is linked with that. I can't ping the firewall interface side.

 


Could you please check if the management profile is correctly applied on the interface you are trying to ping?

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/configure-interfaces/use-inter...

Senior Network Security Engineer
PCNSE | CCNP | JNCIP
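
The management-profile check suggested in the reply above, written out as PAN-OS CLI; this is an added example and not part of the thread. The profile name `allow-ping-branch`, the interface `ethernet1/1`, the virtual router `default` and the address `192.0.2.1` (standing in for the Huawei router) are assumptions, and lines starting with `#` are annotations rather than commands.

```text
# Configuration mode. All names and addresses below are placeholders (assumptions).
configure

# Profile that lets the interface answer ping. With no permitted-ip entries
# the interface replies to any source, so list only the peer that needs it.
set network profiles interface-management-profile allow-ping-branch ping yes
set network profiles interface-management-profile allow-ping-branch permitted-ip 192.0.2.1

# Attach the profile to the layer3 interface that faces the branch router.
set network interface ethernet ethernet1/1 layer3 interface-management-profile allow-ping-branch
commit
exit

# Operational mode: confirm the interface state, then check which route
# and egress interface the firewall selects toward the router.
show interface ethernet1/1
test routing fib-lookup virtual-router default ip 192.0.2.1
```

A management profile only governs replies from the firewall's own interface; traffic passing through the firewall still depends on the security policy mentioned earlier in the thread.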