About MistryJa

MistryJa · ‎05-17-2022

Yes correct, thanks for clarifying thought it may cause some asymmetric routing issues. So there is no need to add an explicit static route to forward traffic for 10.20.50.x out from 1/6? In terms of keeping lab traffic isolated is this in principle fine to use the /24 in the same ip range?

MistryJa · ‎05-17-2022

I just have a question about static routing on the palo alto and how it deals with traffic. We one VR and a default network route to send traffic for 10.20.0.0/16 out via ethernet 1/5 , zone core. There is another interface 1/6 configured with 10.20.50.1/24 zone lab. On the lan by default all traffic get sent to the firewall. Outbound traffic is going out to internet fine via zone lab. Is there likely to be any issues with this routing configuration ?

MistryJa · ‎05-04-2022

Since the Palo upgrade to 10.1.5 last week we have identified three issues, some being service impacting: • Slow searches and log pulls. • Traffic being incorrectly classified and some being dropped. • Menus not expanding.

MistryJa · ‎04-01-2022

Thank you for the update. We are using 5252. Are you getting any users complaining of external voice calls being dropped after a few seconds? It would be good to know if 10.1.5 resolves.

MistryJa · ‎03-31-2022

We upgraded to this version from 9.1.11 to 10.1.4-h4 on the 10th March '22 and its painfully slow......we also are not happy with new interface. Do you know if there is a fix ?

MistryJa · ‎02-24-2021

Hello Varun, Even if the static routing ensures that traffic gets routed directly to the firewall ? Regards,

MistryJa · ‎02-24-2021

Hi All, Just looking for advise , pros vs cons about connecting an ISP internet feed directly to our core mpls/vpls switch. ISP Internet Router—>adva—>Core Switch(siteA)—>mpls/vpls—>Core Switch(siteB)—> Palo Alto The PA firewall will have a separate VR and will nat traffic from 10.x LAN to Public before routing out to Internet via core. There is ospf routing on all cores and distribution switches connecting to cores as well as L2/L3 traffic from other sites. Is this acceptable and what are the security concerns?

MistryJa · ‎02-18-2021

Hello Steve, Many thanks for reply.

MistryJa · ‎02-18-2021

Hi All, I have a guest wifi vlan 10.25.x.x that needs to be routed out to a second ISP. AP-->WLC--Palo Alto FW-->MPLS/VPLS-Router-->L3Switch-->ISP The vlan will each have a sub-interface and gateway 10.25.x.1 assigned on firewall in its own guest zone and virtual router. The virtual router will have a default gateway 0.0.0.0 to a next hop 10.25.x.2 layer 3 switch SVI where ISP is connected. Nat will be performed on the L3 switch, 10.25.x.x addresses pool to a public IP before routing out to internet. 1) Will the policy based forwarding work ? 2) I assume I can forward the same traffic out the same sub-interfaces ? 3) Also if I performed the NAT on the Palo Alto before routing out to ISP over a private network is that acceptable from security point of view ?

Member Since	‎02-18-2021 08:24 AM
Date Last Visited
Posts	9

About MistryJa

Re: Static Route Question

Static Route Question

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: Static Route Question

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: Static Route Question

Static Route Question

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: Traffic Monitor Log Slowness - Upgraded to 10.1.4-h4

Re: ISP Router connection best practice

ISP Router connection best practice

Re: Policy Based Forwarding

Policy Based Forwarding

Network Security

Cloud Security

Security Operations

About MistryJa