Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About PrzemyslawCiborowski
About PrzemyslawCiborowski
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
2 weeks ago
4Posts
1Like
1Solution
May 15, 2020Last Visited
User
Activity
User
Profile
Latest posts by PrzemyslawCiborowski
| Subject | Views | Posted |
|---|---|---|
| 1297 | 07-14-2017 06:10 AM | |
| 1326 | 04-25-2017 01:28 AM | |
| 1335 | 04-24-2017 09:31 AM | |
| 1349 | 04-24-2017 07:47 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 | 07-14-2017 06:10 AM |
User Badges
Public Statistics
| Date Registered | 02-20-2017 07:28 AM |
| Date Last Visited | 2 weeks ago |
| Total Messages Posted | 4 |
| Total Likes Received | 1 |
07-14-2017
06:10 AM
1 Kudo
Hi, Traffic generated on the firewall, like in this case doesn't work with the PBR. I fiexed the problem by configuring two Virtual Routers - each one for a provider. Then instead of ECMP I configured a load sharing with redundancy (for internet traffic, not for the vpn tunnels). Best, Przemek.
... View more
04-25-2017
01:28 AM
I enclosed a drawing to make it more clear. On IKE GW local interface is configured to e1/4 - so all IKE1 traffic goes well (green line). Unfortunately ESP packets are load balanced and goes via e1/1 and e1/4 (orange lines). What I have to do is to force PA to send ESP packets via e1/4 interface. ESP packets always have correct IP source address (2.2.2.2) only issue is that half of it goes via e1/1 interface. Thank you in advance for your help. Cheers, Przemek
... View more
04-24-2017
09:31 AM
Unfortunaltely not, and it seems that I have the same issue with GlobalProtect. I have one tunnel with static IP, and I did a workeranoud - putted static route to this particular IP. In case of other tunnels, I putted also static routes as a temporary solution. But of course it's not what I want to have. Any ideas how to exactply configure PBR? I tried with: Zone Internet, Source IP 2.2.2.2 forwarded to e1/4 - but it doesn't work.... Cheers, Przemek
... View more
04-24-2017
07:47 AM
Dear Collegues, Let imagine the following situation: PA Firewall connected to two ISP, e1/1 - 1.1.1.1 and e1/4 - 2.2.2.2. Default virtual router with ECMP configured with weights e1/1-50 and e1/4-50. IPSEC tunnel configured to the remote site, IKE Gateway configured on interface e1/4. Tunnel is green, everything seems to be fine... but: I see around 50% packets lost. During troubleshooting I see that half of the ESP packets goes via e1/1 and other half via e1/4. Pacekts which goes via e1/1 has IP address of e1/4 (2.2.2.2) and are lost. I assume that I could use a PBF to resolve this issue, am I right? Best, Przemek
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
