07-26-2022 08:30 AM
Hi all,
I have a PA220 managed with Panorama. Very cool mgmt and very powerful. Only the PA220 is a bit slow.
My situation: I have two internet connections (Eth 1/1 and 1/7) with fixed IPs. Both have their own VR and therefore both have a null route. And each has its own zone, untrust1 and untrust2.
All my clients (10.10.10.x/24) are in the trust1 zone and can connect to the www through vr1. Now I want to use a PBF rule so that some clients forward all www traffic to eth 1/7, with the public IP of eth1/7 as the next hop.
It doesn't want to work the way I think it should.
In the traffic monitor I see the traffic, and it is allowed. The zones are also allowed access, which fits. I have a suspicion that something is not working with the return route.
In vr2 I have already set a route so that traffic going to network 10.10.10.x/24 goes to the next VR, VR1.
But that doesn't help either.
Anyone have an idea what it could be?
I have followed this: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/policy-based-forwarding/use-case-p... but there the same routers are used.
07-27-2022 10:27 PM
Hi @clonesheep ,
Can you check Symmetric Return settings on the router?
Select Enforce Symmetric Return