This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
About PrzemyslawCiborowski
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About PrzemyslawCiborowski
05-15-2020
4Posts
1Like
1Solution
May 15, 2020Last Visited
User
Activity
User
Profile
Latest posts by PrzemyslawCiborowski
| Subject | Views | Posted |
|---|---|---|
| 4124 | 07-14-2017 06:10 AM | |
| 4141 | 04-25-2017 01:28 AM | |
| 4149 | 04-24-2017 09:31 AM | |
| 4176 | 04-24-2017 07:47 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 07-14-2017 06:10 AM |
User Badges
Community Statistics
| Member Since | 02-20-2017 07:28 AM |
| Date Last Visited | 05-15-2020 06:52 AM |
| Posts | 4 |
| Total Likes Received | 1 |
07-14-2017
06:10 AM
1 Kudo
Hi, Traffic generated on the firewall, like in this case doesn't work with the PBR. I fiexed the problem by configuring two Virtual Routers - each one for a provider. Then instead of ECMP I configured a load sharing with redundancy (for internet traffic, not for the vpn tunnels). Best, Przemek.
... View more
04-25-2017
01:28 AM
I enclosed a drawing to make it more clear. On IKE GW local interface is configured to e1/4 - so all IKE1 traffic goes well (green line). Unfortunately ESP packets are load balanced and goes via e1/1 and e1/4 (orange lines). What I have to do is to force PA to send ESP packets via e1/4 interface. ESP packets always have correct IP source address (2.2.2.2) only issue is that half of it goes via e1/1 interface. Thank you in advance for your help. Cheers, Przemek
... View more
04-24-2017
09:31 AM
Unfortunaltely not, and it seems that I have the same issue with GlobalProtect. I have one tunnel with static IP, and I did a workeranoud - putted static route to this particular IP. In case of other tunnels, I putted also static routes as a temporary solution. But of course it's not what I want to have. Any ideas how to exactply configure PBR? I tried with: Zone Internet, Source IP 2.2.2.2 forwarded to e1/4 - but it doesn't work.... Cheers, Przemek
... View more
04-24-2017
07:47 AM
Dear Collegues, Let imagine the following situation: PA Firewall connected to two ISP, e1/1 - 1.1.1.1 and e1/4 - 2.2.2.2. Default virtual router with ECMP configured with weights e1/1-50 and e1/4-50. IPSEC tunnel configured to the remote site, IKE Gateway configured on interface e1/4. Tunnel is green, everything seems to be fine... but: I see around 50% packets lost. During troubleshooting I see that half of the ESP packets goes via e1/1 and other half via e1/4. Pacekts which goes via e1/1 has IP address of e1/4 (2.2.2.2) and are lost. I assume that I could use a PBF to resolve this issue, am I right? Best, Przemek
... View more
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks