Saturday, May 29, 2021

Frustration with PA firewall

I am trying to configure a new PA firewall that will replace our ASA, and I am running into problems just trying to get connectivity to the internet from our internal network. I feel like I am going crazy over not being able to make a simple configuration work on this firewall.

So I have two zones (trust/untrust). trust is assigned to the L3 internal interface, untrust to the L3 outside interface (facing the ISP's equipment). Both interfaces use static routing, and I can ping different internal subnets as long as I specify the source as the internal interface, and vice versa with the external interface. I have a security policy to allow traffic from the trust zone going outbound to the untrust zone. My NAT policy has trust set as the source zone and untrust as the destination zone. Source translation is set to dynamic IP and port, with the interface set to the external-facing interface and its IP address. Obviously I want to add more granular rules to filter traffic properly, but if I can't even get a basic configuration going, I can't move on to more complex configurations. I come from an ASA background, so there seems to be a bit of a learning curve here.
