Hi All, This problem is a little confusing to explain but I will do my best to lay this out. Keep in mind I have changed the IP addresses to keep examples simple. I have a Palo Alto 2020 with a basic configuration. One internet connection and One LAN network behind it. The firewall has a public IP address of 5.5.5.2/24 with a default route pointing to 5.5.5.1. We ran out of IP space and the provider started to route a new 6.6.6.0/28 block to us , this now gives us a bunch more IP addresses to use. I know that on the Palo Alto I simply have to create a NAT which references these new addresses and the Firewall will take care of the rest. I have created a NAT to translate traffic hitting 6.6.6.5 over port 443 to go to my internal server 192.168.1.10. This works great, when someone surfs to https://6.6.6.5 they get my webpage. The weird issue is when someone pings 6.6.6.5. The traffic ends up looping between my firewall and the ISP. As far as I can tell since the Paloalto does not have a specific NAT for the ping, the packet gets forwarded by the routing table back out the ISP who in turn routes it back to me. This is very confusing for people when they try to ping the website. Am I doing something wrong? Thanks!
... View more