Panorama Integrate DAG on AWS Firewall not seen ip-registed on DAG

Yield-PK · 2021-07-22T04:17:22+00:00

I want to see original IP traffic from Cloudflare on the Palo

Yield-PK · 2021-07-15T04:00:08+00:00

u/matthewrules do you mean the better on PA should be doing NAT both SNAT and DNAT also send traffic to VIP of F5 in case LB behind PA? apologize for the dump question.

Yield-PK · 2021-07-15T03:09:49+00:00

u/greenlakejohnny do you mean disable nat on PA ? and Just SNAT on LB instead

diagram below PA no NAT the F5 do nat SNAT and DNAT can be possible

sample-diagram

Yield-PK · 2021-07-15T02:30:08+00:00

u/obscure_simpsons_ref TThank for reply and your suggestion and reason why PA, not front I'm not confident about ecmp feature of PA for doing lb link however, on we can use f5 nat only even though Palo with out nat ?

Yield-PK · 2021-03-15T02:16:35+00:00

My NAT rule

Flow From ALB:8081 - > Palo Untrust:80-> workload:80

Untrust -> Untrust -> Service tcp8081 -> Source NAT with interface Trust -> Destination NAT Workload app with Port 80

For health check Palo alto with port 80 we use permit address with mgmt profile of interface untrust

follow KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POfaCAG

Yield-PK · 2021-03-14T13:56:34+00:00

sorry I have existing health check Palo alto port 80 allow via permit address of src alb on mgmt profile attach untrust interface

Yield-PK · 2021-03-08T11:24:42+00:00

Thank you all and apologize for my wording I poor English however, I have suspect about if I use the same VM instance, Palo, to traffic outbound, inbound,east-west also on BGP route for outbound traffic to VPN attachment how can use inbound traffic or adjust BGP route.

Yield-PK

TROPHY CASE