This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Anees10
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Anees10
6Posts
0Likes
0Solutions
Last Visited
User
Activity
User
Profile
Latest posts by Anees10
| Subject | Views | Posted |
|---|---|---|
| 492 | 10-26-2022 07:48 AM | |
| 546 | 10-26-2022 12:32 AM | |
| 2767 | 11-08-2021 11:03 AM | |
| 2802 | 11-08-2021 10:06 AM | |
| 3314 | 11-08-2021 10:05 AM | |
| 3637 | 10-25-2021 07:47 PM |
User Badges
Community Statistics
| Member Since | 10-21-2021 02:49 PM |
| Date Last Visited | |
| Posts | 6 |
10-26-2022
07:48 AM
Thanks for your reply.
1. The single server doesn't have internet connectivity. It can still talk to the other servers on the LAN but it doesn't have internet connectivity.
2. Captures show that ARP requests are incomplete. This could be due to the fact that there is no VR configured for ISP2.
>show arp all ethernet1/10 147.129.178.129 (incomplete) ethernet1/10 i 1
>show counter global filter packet-filter yes delta yes severity drop flow_fwd_l3_noarp 7 0 drop flow forward Packets dropped: no ARP
... View more
10-26-2022
12:32 AM
We recently added a new Internet link to our PA-3020. We want only one server (10.1.12.130) to use it, so we configured the new internet link interface as layer-3 , assigned it a static IP, created a PBF policy that basically specifies the zone (internal) and the source IP (10.1.12.130) and the destination is any (negate 10.0.0.0/8) and the action is to forward traffic to egress IF 1/10 with next hop of 1.1.1.1
We also created a NAT rule : From internal zone to external zone, source IF 1/10 and source translation is dynamic-ip-and-port.
Finally, we created a security policy to allow traffic from that source to the internet.
We have one virtual route for the old ISP. It's my understanding that no VR is required when using PBF as no failover or redundancy is required between the two links.
The source server doesn't have internet connectivity. FW's Software Version is 9.1.14-h4. We don't use Panorama to manage it.
I found a similar KB for reference : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRzCAK#:~:text=Policy%20based%20forwarding%20allows%20you,to%20tweak%20the%20routing%20table
I spent countless hours with PA engineers and they confirmed that the setup looks good, but for some reason they couldn't figure out why this setup is not working.
any thoughts? Thanks in advance.
... View more
11-08-2021
11:03 AM
my only concern is layer-3 processing...we use a "router on a stick" model, so all layer 3 processing is handled by the firewall...i am not sure it can do the job!!
... View more
11-08-2021
10:06 AM
my only concern is layer-3 processing...we use a "router on a stick" model, so all layer 3 processing is handled by the firewall...i am not sure it can do the job!
... View more
11-08-2021
10:05 AM
my only concern is layer-3 processing...we use a router on a stick model,so all layer 3 processing is handled by the firewall...i am not sure it can do the job...
... View more
10-25-2021
07:47 PM
I am planning to replace my HA pair of 3020 with PA-460s...what are you thoughts on this? I feel like the 460s are for branch offices and not data center although the specs are better or similar to 3020...they don't support LACP and they don't have dedicated HA ports...thoughts? PA-460 5.2/4.7 Gbps firewall throughput (HTTP/appmix) 2.4/2.6 Gbps threat prevention throughput 3.1 Gbps IPSec VPN throughput 400,000 max sessions 74,000 new sessions per second PA-3020 2 Gbps firewall throughput (App-ID enabled) 1 Gbps Threat Prevention throughput 500 Mbps IPsec VPN throughput 250,000 max sessions 50,000 new sessions per second 3,000 IPsec VPN tunnels/tunnel interfaces 1,000 SSL VPN users 10 virtual routers 1/6 virtual systems (base/max 5 ) 40 security zones 2,500 max number of policies
... View more
Contact Me
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks