This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Help me to fix this issues /possible solution

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Help me to fix this issues /possible solution

Zola12
L1 Bithead

‎04-22-2024 02:22 AM

 I am going to configure  Palo alto 5250 firewall to   branch   Huawei router  

The device is not physically connected ,  i try to  do static route from Palo alto to  Huawei router router but the network is not reachable.

 

kindly support me how to fix   type of issues ,

 

Help me also kindly  suggest me new solution for this type of network scenario 

 

 

Zola12_0-1713777708464.png

 

 

 

 

 

 

 

 

0 Likes Likes
5 REPLIES 5

seb_rupik
L4 Transporter

‎04-22-2024 06:08 AM

Hi there,

You have one of two options, either source-NAT the traffic leaving the PA and Hauwei have a corresponding static-NAT at the destination and have it travel 'in the clear' across the telecom network. Or, create a Layer3 IPSec tunnel between the PA and Huawei and route directly between them.

Using the tunnel would be the preferred option as it will protect your traffic flows from snooping and interception. It will also allow you to configure a dynamic routing protocol between the two sites to share prefixes.

This option is the most scalable as the dynamic routing will handle increases in target IPs and not require additional static-NAT configuration.

 

Whichever solution you choose, you will need to configure a security policy on both the PA and Huawei to let the traffic flows into the sites.

 

cheers,

Seb.

0 Likes Likes

Zola12
L1 Bithead
In response to seb_rupik

‎04-22-2024 11:10 PM

What type of interface  used to do source-NAT in the PA side ,   sub interface  ?    also in Huawei router side  ?  since  not physical connection 

0 Likes Likes

seb_rupik
L4 Transporter
In response to Zola12

‎04-24-2024 01:32 AM

Hi there,

By its design source-NAT must be configured on a layer3 interface: physical, physical sub-interface, VLAN.

 

cheers,

Seb.

0 Likes Likes

Zola12
L1 Bithead
In response to seb_rupik

‎04-25-2024 06:27 AM

Dear Friend

Still not solved , ping from firewall to remote router is working but ping from remote router to firewall is not still working. Also i cant ping 8.8.8.8 from Palo alto maybe if the issue is linked with. I can't ping  a Firewall interface side 

 

Zola12_0-1714051613184.png

 

 

 

 

0 Likes Likes

jfernandez1
L2 Linker
In response to Zola12

‎04-25-2024 06:33 AM

Could you please check if the management profile is correctly applied on the interface you are trying to ping?

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/configure-interfaces/use-inter...

Senior Network Security Engineer
PCNSE | CCNP | JNCIP
0 Likes Likes
  • 588 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks