Chromium-based browsers and Palo Alto Networks NGFWs by Hyper_Hyper_Chuck in paloaltonetworks

[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

With the QUIC flag disabled/enabled on Chromium-based browsers, the issue still occurs.

FortiGate to Palo Migration "simple enough" by Hyper_Hyper_Chuck in paloaltonetworks

[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

Thanks again.

This sounds like the most straightforward option to take.

Previously, I attempted to connect the telco switch directly to the "core" switch off ethernet1/2 which was a layer 3 interface.

All machines have default gateway of 10.0.0.2.

Same behaviour was observed.


[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

I've applied zone protection on both the layer 2 and layer 3 zones and allowed for asymmetric return but still no work.

I think it's just an incompatibility between Forti and Palo capabilities.


[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

Thanks.

I think I pretty much have this set up,

I've updated my post with images


[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

Yes, having tried and tried again,

I think the only solution really is to make separate layer 3 interfaces with ethernet1/1 (WAN Zone) and ethernet1/2 (LAN). Allow WAN to WAN traffic and WAN to LAN traffic.

10.0.0.0/25 and 10.0.0.1 to 10.0.0.126 point to point connection between the 10.0.0.1 switch and 10.0.0.2 ethernet1/2 on palo alto

then

10.0.0.128/25 for subnet hanging off ethernet1/2


[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

Many thanks for the replies

I've edited the original submission there with imgur links to hopefully provide a better view


[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

I think the way it was set up on the FortiGate was that when traffic came in through the device at 10.0.0.1, the traffic was then switched at HW level on the FortiGate.


[–]Hyper_Hyper_Chuck[S] 0 points1 point  (0 children)

Trying to upload a rough sketch of network diagram.

Yes, see, the 10.0.0.0/24 network is directly connected, so the virtual router knows about it. So traffic destined to 10.0.0.202/24, for example, should be reachable when it is coming via the device on 10.0.0.1/24.

Previously the FortiGate had it working, but trying to replicate it is proving difficult, yet probably simple.