I have a server sending traffic on 443 through GWLB to my Palos and out to the internet.
The logs all say 'aged out'.
Packet capture reveals the SYN arriving wearing GENEVE, being de-encapsulated, source NATed and forwarded out Untrust.
The SYN/ACK arrives on Untrust, but there is no record of the firewall forwarding these packets to GWLB and the client - they just vanish.
The drops packet capture is empty.
This worked previously, but we had to rebuild Panorama after a disaster and a colleague has been 'hardening' the appliances.
I suspect an error has been introduced, but for the life of me I can't work out what it might be.
Hope all is well. I would recommend setting up packet filters and collecting the global counters if you have not done so yet...
How to check global counters for a specific source and destinat... - Knowledge Base - Palo Alto Netw...
Feel free to provide the output for the global counters once you have them.
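An added example of the filter-and-counter collection the reply recommends (these are not the replier's commands, nor from the original thread): a PAN-OS CLI sequence that assumes a constructed client address 10.10.10.5 as the pre-NAT source, a placeholder for the post-NAT Untrust address, and HTTPS on 443; `#` lines are annotations, not CLI input.

```text
# Constructed values: client 10.10.10.5 (pre-NAT source); <POST-NAT-UNTRUST-IP> is a placeholder.
# Clear any stale filters and captures left over from earlier troubleshooting.
debug dataplane packet-diag clear all

# Match the flow in both directions. The returning SYN/ACK is addressed to the
# post-NAT source, so a second filter on that address is needed to see it.
debug dataplane packet-diag set filter match source 10.10.10.5 destination-port 443
debug dataplane packet-diag set filter match destination <POST-NAT-UNTRUST-IP> source-port 443
debug dataplane packet-diag set filter on

# Capture at every stage, not only drop: a packet seen at "receive" but never at
# "transmit" and absent from "drop" points at session or return-path handling.
debug dataplane packet-diag set capture stage receive file rx.pcap
debug dataplane packet-diag set capture stage firewall file fw.pcap
debug dataplane packet-diag set capture stage transmit file tx.pcap
debug dataplane packet-diag set capture stage drop file drop.pcap
debug dataplane packet-diag set capture on

# Generate traffic from the client, then read the counters that moved for matched packets;
# the second form narrows the output to drop-severity counters.
show counter global filter packet-filter yes delta yes
show counter global filter packet-filter yes delta yes severity drop

# Confirm the SYN created a session and which NAT and egress it recorded.
show session all filter source 10.10.10.5 destination-port 443

# Switch everything off before leaving the box.
debug dataplane packet-diag set capture off
debug dataplane packet-diag set filter off
debug dataplane packet-diag clear all
```

Run the counter commands twice a few seconds apart so the delta reflects only the test traffic; the counter names that increment on the second filter are what to post back in the thread.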