09-14-2024 03:38 PM
Dear Members,
I need some help regarding the Paloalto firewall. We are managing the firewalls using the Panorama. I am new in the environment. I have been told that the source subnet resides in the inside zone hence I added the source group in the inside zone configured it correctly.
In the firewalls logs I can see that the traffic has started hitting the rule (which looks good). But for some reasons the user is reporting that he can not access the service and says that he is getting the error that the port is not reachable but we can see that the traffic on port 443 is allowed. In he below we can see that the traffic is allowed and the source zone is inside (interface ae3.99). the picture is from panorama gui.
Just to make sure I logged into the CLI of the firewall and checked the routing table and zone of the source subnet. Here I am amazed to see that the CLI is showing a different source zone for the same IP address. here it is showing that the source interface is ae3.199 which is a different zone then inside.
The routing table also states that the traffic from the subnet 10.151.0.0/16 belongs to the different zone (other than Inside).
Now I am curious that the Panorama GUI is showing that the source IP 10.151.103.124 belongs to the Inside zone. But the CLI in firewall and routing table states that the same IP belongs to the different zone. Someone please help me how to rectify and resolve this issue? what could be the cause of this problem?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
