issues with traffic passing through vWire


L1 Bithead

Hi guys, I'm trying to set up a new Palo Alto firewall, a PA 440, for a customer. But they want minimal impact on their network and don't want to change anything, so I proposed setting up a vWire so they change nothing and can benefit from the inspection features of the new Palo box.

Pretty much, here's how it kinda looks:

ISP Router --> Core Switch --> PA 440 --> Existing Firewall --> LAN

Following the official documentation, I set up 2 vWire interfaces with a zone for each, and I created a policy to allow everything, with just the antivirus and vulnerability profiles activated, the idea being I'll tighten it later.

But there is no connectivity to the internet: pings are not responsive and websites don't load. In the monitor logs, I see all requests are allowed, but they all say application is incomplete.

What have I missed?


Cyber Elite

Hello,

Most of the time when I see the application as 'unknown', it's a connectivity issue. Also, I would suggest putting the PAN between the existing firewall and the clients so you can see that traffic and build policies on it. Also make sure your policy(ies) allow traffic in both directions.
