Hi, my ISP has assigned me a /30 for the p2p connection and it is routing a /24 public subnet towards that /30. Meaning the WAN interface in the Palo will have to respond to many different IPs on two different subnets. I haven't found any KB that describes this scenario.

Also please consider we are migrating from another device which is working perfectly fine with this configuration, this in case we want to start pointing fingers at the ISP. No, it is definitely the Palo. Also, for the sake of the conversation, I am running a p3020 with 7.1.

- Outbound traffic works (a machine inside the LAN can go out to the internet and uses one of the /24 addresses using the NAT rule I have configured).
- Inbound traffic (published services) does not work at all; it seems that the Palo never answers with an ARP to tell the other device that it "has" those IPs.
- Tried using loopbacks, or adding the additional subnet in the interface configuration; I have zero traffic hitting the interface (no ARP sent).

Digging around I found two solutions, didn't manage to test them though:

- Forcing a GARP within the CLI (this is a horrible solution, and I would need to do this every time I restart the Palo?)
- Add a fake route in the virtual router. Add a route to the /24 with next hop None, so that the Palo installs a route and starts accepting the traffic. This is still a horrible workaround.

I am wondering how you guys do it, thanks!