This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

Issue with VXLAN traffic passing through the firewall

tamilvanan
L3 Networker

‎05-26-2022 10:21 AM

Hi Team, 

 

We have an SDWAN box placed behind the firewall and the SD_WAN box need to communicate with the controllers which is located on the internet.

 

The topology is given below:

SD_WAN Box<--->F/W LAN interface<--->F/W ISP interface <--> Internet <---->Controllers.

 

The SD_WAN Box is trying to establish VXLAN connectivity to the Controllers located on the internet.

 

On the traffic logs and the session browsers we could see the traffic flow b/n the  SD_WAN Box and the VXLAN is being allowed by the firewall and the application is being correctly identified as "VXLAN". 

 

We had configured only source NAT on the firewall but we could see on the log that the destination port is being translated to 511 from 4789

tamilvanan_0-1653585569659.png

 

Why the firewall is translating the destination port even though the DNAT is not configured. 

 

1 person had this problem.
Who Me Too'd this topic
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks