Wednesday, November 8, 2017

Palo Alto route selection

I had an issue just now where several of my PA200, PA220 and PA500 routers started using the wrong interface and zone for DHCP traffic. After several hours of investigation and an hour on the phone with PA it was determined that the cause of this was that our specific route, and the default route had the same metric.

My understanding, and the understanding of others I work with, is that the most specific route wins, or in the case of a conflict it will use the metric. PA tech support is telling me that the metric conflict cause the problem.

I didn't set up these routes so I'm not sure there's a good reason to keep all of the metrics the same, but I also don't understand why it would start to fail in this way all of a sudden in the absence of any changes or updates.

Any thoughts?



No comments:

Post a Comment