Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About furrygolden
About furrygolden
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
08-18-2015
6Posts
0Likes
0Solutions
Aug 18, 2015Last Visited
User
Activity
User
Profile
Latest posts by furrygolden
| Subject | Views | Posted |
|---|---|---|
| 739 | 05-30-2015 07:35 AM | |
| 793 | 05-30-2015 01:45 AM | |
| 1897 | 05-27-2015 01:44 AM | |
| 1897 | 05-25-2015 09:55 AM | |
| 1897 | 05-24-2015 09:07 PM |
User Badges
Public Statistics
| Date Registered | 05-24-2015 10:05 AM |
| Date Last Visited | 08-18-2015 09:07 AM |
| Total Messages Posted | 6 |
05-30-2015
07:35 AM
Ok.. Got the tunnel up. However, traffic is only one way. I already checked my policies on both side, seems to be correct. Plus, these are the same policies that I used for both side static scenario that worked two ways. When I was troubleshooting the static scenario, I had the same issue and fixed it by rebooting the Fortigate and Palo Alto. However, this time reboot did not help.
... View more
05-30-2015
01:45 AM
What is the exact settings in order to establish a VPN tunnel between a Palo Alto firewall that has static WAN IP address and a Fortigate that has Dynamic WAN IP address? If both has static IP address, the tunnel works. If Fortigate has dynamic WAN address, I cannot get the VPN working. I tried aggressive mode on both sides. Palo Alto log keeps saying IKE phase-1 negotiation failed. Couldn't find configuration for IKE phase-1 request for peer IP X.X.X.X[500], ID ipaddr:X.X.X.X.
... View more
05-27-2015
01:44 AM
Thank you. This is very helpful!
... View more
05-25-2015
09:55 AM
That is great. Thank you! I tested this in lab using minimum config and it seems to work. I am going to add the rest of the configs to see if it works. Now, suppose that using an adding an external switch was not an option. Is there another way to solve this issue? Below are some of the things we came up with. 1. Palo Alto tech support suggested an article that configures a layer 2 to layer 3 connection utilizing a combinations of L2 interface and Virtual router and VLAN. It was complicated and when I tested it, it did not work. Either I didn't choose the right options or it just doesn't work. How to Configure a Layer 2 to Layer 3 Connection on the Palo Alto Networks Device 2. If we further divide the WAN subnet so that WAN has 100.100.100.0/25 and DMZ has 100.100.100.128/25, and changing the upstream router route is not an option, does Palo Alto firewall supports Proxy ARP for the new DMZ subnet? or will it only do proxy arp for NAT devices it is responsible for? 4. If we do NAT translation from WAN to DMZ using the same IP, meaning 100.100.100.100 translates to 100.100.100.100 in DMZ. Would this have worked? The reason I am asking these questions is in case I ran into these issues again, I will have other ways to solve it. Really appreciate your feedback. Thank you!
... View more
05-24-2015
09:07 PM
Thank you for the question answer. This was suggested by me and Palo Tech tech support to the client too using an external switch. The client had question whether the NAT translation will still work correctly in this case for NATting internal servers. There are conflict information whether virtual wire will support NAT and routing. Later OS seems to supports it. I am currently testing this scenario in the lab. Also, in case this does not work and we decide to VLSM the subnet without bridging, does Palo Alto firewall supports Proxy ARP or NATting the same IP address from WAN to DMZ without notifying the upstream router the changed subnet?
... View more
05-24-2015
10:44 AM
I have a client that is currently using Sonicwall and wants to migrate to Palo Alto. Sonicwall supports Transparent IP Mode (Splice L3 Subnet) that basically can bridge the WAN subnet onto the DMZ interface. Let say for example, WAN Interface - 100.100.100.1/24 - L3 DMZ Interface - 100.100.100.1/24 - Transparent LAN Interface - 10.10.10.1/24 - L3 There are currently servers that sits physically in the DMZ Interface using the public address 100.100.100.X range. There are also servers that are being static NATted using the DMZ address 100.100.100.X range to actual internal servers in the LAN 10.10.10.X range Can this be done in Palo Alto? If so, how?
... View more
Labels:
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
08-18-2015
09:07 AM
|
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
