Basic AWS Setup

L0 Member

So I'm having trouble with a deployment ... seems like it should be super straightforward, but I'm just not getting any traffic through the Palo.

I've got 3 subnets: private, public, mgmt.

I swapped the mgmt and eth1/1 interface so the EIP is applied to the public facing interface.

I'm able to reach both the EIP and over VPN I'm able to access the 1/1 interface over https.

I've deployed a web server behind the Palo on the private subnet with a route table pointing to the Palo ENI. NAT and Security rules are correct, but I do not get any traffic back from the web server at all. Nothing but SYNs in a pcap. I can ping the web server private IP sourced from the inside interface of the Palo.

I'm at a loss as to why this is not working ... Someone please help!

L1 Bithead

Check the route table on the Web Server.
I have found that even though you create a route in the route table for the subnet, the route table directly on the web server will still have its default route pointing to the IGW. If this is the case, this explains why the return traffic from the web server is not showing in the firewall logs.
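One way to verify the point made in this reply from the AWS side, as an added example that is not part of the original thread: resolve which route table AWS actually applies to the web server's subnet (an explicit association, otherwise the VPC main table) and confirm its 0.0.0.0/0 route targets the firewall's trust-side ENI rather than the IGW. The JSON below is a constructed sample in the shape of `aws ec2 describe-route-tables` output; the resource IDs are placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# IDs are placeholders, not real AWS resources. "subnet-private" is
# explicitly associated; any other subnet falls back to the main table,
# whose default route still points at the Internet Gateway.
SAMPLE_ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main",
   "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]},
  {"RouteTableId": "rtb-private",
   "Associations": [{"SubnetId": "subnet-private", "Main": false}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-PALO-TRUST"}]}
]}
""")


def effective_route_table(route_tables, subnet_id):
    """Return the table AWS applies to subnet_id: an explicit subnet
    association wins, otherwise the VPC's main route table."""
    main = None
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def default_route_target(table):
    """Target of the 0.0.0.0/0 route (ENI, gateway or NAT GW), or None."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return (route.get("NetworkInterfaceId") or route.get("GatewayId")
                    or route.get("NatGatewayId"))
    return None


def returns_via_firewall(route_tables, subnet_id, firewall_eni):
    """(ok, table_id, target): ok is True only when the subnet's effective
    default route is the firewall ENI, so server replies cross the firewall."""
    table = effective_route_table(route_tables, subnet_id)
    if table is None:
        return False, None, None
    target = default_route_target(table)
    return target == firewall_eni, table["RouteTableId"], target


if __name__ == "__main__":
    for subnet in ("subnet-private", "subnet-forgotten"):
        print(subnet, returns_via_firewall(SAMPLE_ROUTE_TABLES, subnet, "eni-PALO-TRUST"))
```

A subnet that reports the main table and an `igw-` target is the situation described above: the server's return traffic goes straight to the IGW and never appears in the firewall logs.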
