02-03-2025 11:45 AM
Hi guys, I'm trying to set up a new Palo Alto firewall, a PA 440, for a customer. But they want minimal impact on their network and don't want to change anything, so I proposed setting up a vWire so they change nothing and can benefit from the inspection features of the new Palo box.
Pretty much, here's how it kinda looks:
ISP Router --> Core Switch --> PA 440 --> Existing Firewall --> LAN
Following the official documentation, I set up 2 vWire interfaces with a zone for each and I created a policy to allow everything, with just antivirus and vulnerability profiles activated, the idea being I'll tighten it later.
But there is no connectivity to the internet: pings are not responsive and websites don't load. In the monitor logs, I see all requests are allowed, but they all say application is incomplete.
What have I missed?
02-04-2025 12:02 PM
Hello,
Most of the time when I see the application as 'unknown', it's a connectivity issue. Also, I would suggest putting the PAN between the existing firewall and the clients so you can see that traffic and build policies on it. Also make sure your policies allow traffic in both directions.