Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About PrzemyslawCiborowski
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About PrzemyslawCiborowski
05-15-2020
4Posts
1Like
1Solution
May 15, 2020Last Visited
User
Activity
User
Profile
Latest posts by PrzemyslawCiborowski
| Subject | Views | Posted |
|---|---|---|
| 2992 | 07-14-2017 06:10 AM | |
| 3009 | 04-25-2017 01:28 AM | |
| 3017 | 04-24-2017 09:31 AM | |
| 3044 | 04-24-2017 07:47 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 07-14-2017 06:10 AM |
User Badges
Community Statistics
| Member Since | 02-20-2017 07:28 AM |
| Date Last Visited | 05-15-2020 06:52 AM |
| Posts | 4 |
| Total Likes Received | 1 |
07-14-2017
06:10 AM
1 Kudo
Hi, Traffic generated on the firewall, like in this case doesn't work with the PBR. I fiexed the problem by configuring two Virtual Routers - each one for a provider. Then instead of ECMP I configured a load sharing with redundancy (for internet traffic, not for the vpn tunnels). Best, Przemek.
... View more
04-25-2017
01:28 AM
I enclosed a drawing to make it more clear. On IKE GW local interface is configured to e1/4 - so all IKE1 traffic goes well (green line). Unfortunately ESP packets are load balanced and goes via e1/1 and e1/4 (orange lines). What I have to do is to force PA to send ESP packets via e1/4 interface. ESP packets always have correct IP source address (2.2.2.2) only issue is that half of it goes via e1/1 interface. Thank you in advance for your help. Cheers, Przemek
... View more
04-24-2017
09:31 AM
Unfortunaltely not, and it seems that I have the same issue with GlobalProtect. I have one tunnel with static IP, and I did a workeranoud - putted static route to this particular IP. In case of other tunnels, I putted also static routes as a temporary solution. But of course it's not what I want to have. Any ideas how to exactply configure PBR? I tried with: Zone Internet, Source IP 2.2.2.2 forwarded to e1/4 - but it doesn't work.... Cheers, Przemek
... View more
04-24-2017
07:47 AM
Dear Collegues, Let imagine the following situation: PA Firewall connected to two ISP, e1/1 - 1.1.1.1 and e1/4 - 2.2.2.2. Default virtual router with ECMP configured with weights e1/1-50 and e1/4-50. IPSEC tunnel configured to the remote site, IKE Gateway configured on interface e1/4. Tunnel is green, everything seems to be fine... but: I see around 50% packets lost. During troubleshooting I see that half of the ESP packets goes via e1/1 and other half via e1/4. Pacekts which goes via e1/1 has IP address of e1/4 (2.2.2.2) and are lost. I assume that I could use a PBF to resolve this issue, am I right? Best, Przemek
... View more
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
