I had a 3 interface setup working: GENEVE In/Out through eth1/1, then into eth1/2 -> NAT -> out of eth 1/3 to the ouetside.
Traffic would end up passing through the firewall twice.
On the other hand GWLB seems to break GP, so cannot run GP portal/Gateway on the outside interface.
My design is as per below. Let me know if any issue.
Server-1 (Outside)==>TGW==>SecurityVPC==>GWLBe==>EndPoint Service==>GWLB==>PaloAlto Outside interface (Eth1/1)==>Pa Processing==>PaloAlto Inside interface(Eth1/2)==> Server-2 (Inside).
I am not using GP instead traffic is ping/ssh. Whenever i process the traffic from Outside to Inside traffic logs saying traffic outside to outside hence not matching correct policy and not processing.
At this time, GWLB deployments do not support routing outside of the GENEVE interface. The traffic must hairpin back to the GWLB.
Also, there is a known issue with GP not working on a GWLB enabled firewall that will be resolved in a future release.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!