03-20-2025 07:19 AM
Hi,
If the remote peer requires the local Palo Alto to set proxy IDs, what happens if the proxy IDs on the PAN side don't match the ones at the remote? Would this cause any issue, i.e. traffic gets dropped, or does Palo Alto forward the traffic down the tunnel as long as there is a route?
Thanks
03-23-2025 09:54 PM - edited 03-23-2025 09:56 PM
Hello @AY_FASAR ,
Not sure there is something you can predict; it depends on each vendor's implementation.
In case of a mismatch, the device can, for instance, apply the stricter proxy ID (if there is an overlap, i.e. 0.0.0.0/0 <> 0.0.0.0/0 // 1.1.1.1/32 <> 2.2.2.2/32).
It may also simply block the tunnel from coming up.
Best practice: make all the info match on both sides.
It makes understanding the architecture / troubleshooting way simpler.
PanCast
Olivier
PCSNE - CISSP
Best Effort contributor
Check out our PANCast Channel
Disclaimer : All messages are my personal ones and do not represent my company's view in any way.
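
The check described in the reply above, as an added example that is not part of the thread and is not Palo Alto tooling: it compares one proxy ID pair from each gateway and reports whether they match, merely overlap (with the stricter pair), or share nothing. The function names, the tuple layout and the sample subnets are assumptions made for illustration; each side's pair is assumed to be written from that gateway's own point of view.

```python
import ipaddress

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def narrow(a, b):
    """Return the stricter (more specific) of two overlapping CIDRs, else None."""
    a, b = _net(a), _net(b)
    if a.version != b.version or not a.overlaps(b):
        return None
    # Two CIDR blocks that overlap are always nested, so the longer
    # prefix is exactly their intersection.
    return a if a.prefixlen >= b.prefixlen else b

def compare_proxy_ids(ours, peer):
    """Compare one proxy ID pair from each gateway.

    ours / peer are (local, remote) tuples, each written from that
    gateway's own point of view, so the peer's pair is mirrored here.
    Returns (status, (local, remote) or None).
    """
    local = narrow(ours[0], peer[1])
    remote = narrow(ours[1], peer[0])
    if local is None or remote is None:
        return "disjoint", None      # no selector both sides could agree on
    common = (str(local), str(remote))
    if _net(ours[0]) == _net(peer[1]) and _net(ours[1]) == _net(peer[0]):
        return "match", common
    return "overlap", common         # outcome depends on the vendor implementation

# Constructed sample pairs (not taken from a real device); the first one
# is the overlap case quoted in the reply.
SAMPLES = [
    (("0.0.0.0/0", "0.0.0.0/0"), ("2.2.2.2/32", "1.1.1.1/32")),
    (("10.1.0.0/16", "10.2.0.0/16"), ("10.2.0.0/16", "10.1.0.0/16")),
    (("10.1.0.0/16", "10.2.0.0/16"), ("192.168.5.0/24", "10.1.0.0/16")),
]

if __name__ == "__main__":
    for ours, peer in SAMPLES:
        status, common = compare_proxy_ids(ours, peer)
        print(f"ours={ours} peer={peer} -> {status} {common}")
```

Anything other than `match` is worth correcting in the configuration before relying on how a particular peer handles it.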