Hi, I created a new zone on the PA, ether1/5, and configured all interfaces. Installed a Cisco 5520 WLC as an Anchor WLC and set up policies to allow the CAPWAP tunnel to the Foreign WLC. This was a 1-legged approach, WLC in LAG. This worked, tunnel is up and stayed up. The client traffic breaks out to a layer 2 connection to a 3rd party managed guest solution. All devices can connect and get an IP from a range in the DMZ. Windows devices get the splash page for authentication from the 3rd party; Apple and Android seem to time out, SSL connections keep being dropped.

I removed LAG from the WLC and connected 1 port to be the management on to our dist. The client side is still all correct, but now when Apple and Android devices connect, it works as it should. Is there something on the Palo that is causing this to time out?

When the WLC was on the 1/5 port of the Palo, Cisco Prime had trouble seeing it, even though I was allowing all services and applications to connect, but as soon as it was removed from the PA, Prime and the WLC could talk with no problems. To me, the Cisco side has no issues, but something on the Palo is affecting it.