Paloalto Firewall can’t access the Internet – Case Collections

This video shows some our cases to fix Paloalto Firewall accessing the Internet problems.

Case 1: The client changes their IPS and re-configured their PA-850 Firewall. He can’t ping a public IP address.

Troubleshooting: We run show deviceconfig. It shows Ethernet1/1 is using the old ISP 123.x.x.x/28. The new IP address is 50.x.x.x/28.
Changing the IP address to 50.x.x.x/28 fixes the problem.

Case 2: The client just changes their IPS and re-configures the outside Interface and Virtual router. However, they can’t access the Internet.

Troubleshooting 1: They need to modify the Security under Policies, Trust to internet in our example.

Troubleshooting 2: They need to modify NAT under Policies, NAT Outbound in our case.

Case 3: They can ping public IP address or any websites. However, they can’t access the websites.

Troubleshooting: in review the Security setting under Policy. We find the Application is limited Ping only.

Resolution: configuring Application to Any fixes the problem.

Tip: we should configure Service/URL Category instead of limiting Application.

Case 4: The client’s Active PA-850 is defected. They imported and loaded the configuration to a new unit successfully.  However, they can’t access the internet.

Troubleshooting: The MGT Default Gateway is setup 10.0.0.3 on the new unit. However, imported configuration on MGT Interface Default Gateway is 10.0.0.1

Changing Default Gateway to 10.0.0.3 on the MGT Interface fixes the problem.

Case 5: When the client just imported and loaded a good configuration into a new PA-850. They make sure the etherente1/1 to internet port has a good IP address and correct configuration. However, can’t ping the public IP address on the Firewall.

Troubleshooting: By default, Paloalto Firewall uses the MGT services such as default gateway, DNS. They must have ethernet1/2 configured and connected.

Please view this step by step video:

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

Leave a Reply