Comments
-
From your last reply I did set the Access Rules to Any. I noticed in Log Monitor I'm seeing "IP Spoof" errors coming from our LAN 192.x.x.x (this is the IP they assigned to their Palo Alto interface 7) to the 137.x.x.x address (Cloud provider outside our firewall). I'm not sure if this "spoof" is due to their VPN policy…
-
There is a Mellanox switch behind the Palo, and all their own gear (2 video streaming servers for the major TV network and 2 IRD's for inputting satellite RF). Also, just finally received communication back that the Cloud team sees 0 traffic from us even though I see those Forwarded packets. If they're seeing 0 traffic…
-
So I looked at the physical wiring; it looks like our LAN is plugged straight into Port 7 of their Palo Alto firewall. They assigned that port 7 as the 192.x.x.x address. I gave them one of our available Public IP's as the Cloud provider needs to know how to talk to our Sonicwall. It was not in their provided instructions…
-
In image 1.JPG, Packet Detail is highlighted for packet #1. In image 2.JPG, Packet Detail is highlighted for packet #2. The Palo Alto VPN Policy is set to a source Public IP of 72.xx.xx.xxx and destination Public IP of 137.xx.xxx.xx. We feed our LAN into their switch and gave them the LAN IP of 192.xxx.x.xxx. I believe…
-
Hi TKWITS, Thank you for taking the time to reply to me. The Cloud Provider's IP's (there are 6 of them) are in the WAN Zone and are grouped together as an "Address Group". I have two access rules; a LAN to WAN, and a WAN to LAN. The LAN to WAN is Source (LAN IP) and Destination (Cloud Provider IP's) with the requested…
-
Thank you, I appreciate your knowledge. Using packet monitor I was able to verify traffic on the other public IP's I assigned to the NAT rules.
-
Thank you MR_KLAATU, What you explained is what I suspected so I appreciate that clarification. We have a range of WAN IP's available that are not in use; is it as simple as adding the WAN IP's as an address object and then add to the NAT rules, or do I have to assign them as an interface, etc ?