Sorry, I am asking something: my company right now has a PoC for Prisma Access via Panorama, but we get some issues because the Service Connection is always in Error. After I checked, the tunnel is down. So what type of tunnel should I use for that case?
@NETSums Please upload a video regarding BGP over IPSec tunnel.
It's a good idea, we haven't done a video with dynamic routing so far. Thank you for the suggestion!
It's very informative, thank you. I have a question: how do we connect 2 or 3 sites via VPN with an ISP broadband network (public IP via DHCP)? Do you have any such video?
Excellent video, thank you very much!!!
Best regards!
Thank you for the video.
I have an issue. I cannot ping the subnet on the other IPsec site. Currently I have enabled NAT Traversal because my internet connection is behind a router. My PA is using DHCP for the WAN connection. Do you have any solution, or where should I look, to make it work?
Is the VPN connection coming up? If yes, do you see the pings in the Traffic Tab (Monitor) on the remote firewall? Is one firewall configured as passive (because of DHCP)? If yes, this firewall won't be able to start a S2S connection.
If you see the pings on the remote firewall, try capturing the packets there to see if the firewall receives an answer from the pings.
So the only difference between a route-based firewall and a policy-based firewall is that you add a Proxy ID?
There are some technical differences (in policy based, usually several SAs are negotiated, and in route based only one), but regarding the Palo Alto configuration, yes, that's the only difference.
How do I set up the inside zone correctly in the cloud + Palo Alto?
I don't understand your question, what do you want to know specifically?
Thanks for the video. What if I don't want to NAT my local devices? So, for example, your Ubuntu server is 10.0.1.17; I will just put 10.0.1.0/24 in the local ID under proxy ID, right?
Yes, that's it. Just use the physical IP from the server in the proxy ID (or the network as you mentioned).
Thank you so much; you are all the time bringing new ways and knowledge for security and best practices together. I have a question: in site-to-site, can we allow one site to use the other site's internet, the same as if we do a tunnel in GP and add the remote user to outside NAT?
Thank you for the comment! Yes, it's possible, you just need to configure the routing to send the internet traffic through the tunnel. If you're using policy-based VPN, you need to configure the proxy IDs accordingly.
I hope I could help.
@NETSums Please upload a video configuring Zone Protection.
Great video as always.
Could you also do a video on how to troubleshoot VPNs?
Hi. I will keep it in mind.
GP is having IPv6 issues, can you do a video?
Do you mean GlobalProtect? Just asking, because this video was not about GlobalProtect. :-)
I will keep that in mind.