Hello
I have the administration of the PAN-3220 Firewall by a public IP and additionally we form a VPN S2S to reach the equipment in its management interface, in this way we can exercise reviews on the primary and secondary equipment.
A few days ago we upgraded from version 9.0.10 to 9.0.14. Once the change was completed, we lost the management from the VPN S2S. It is corroborated that the VPN is operational; however, in the connections we see that there is no response from the Firewall to our queries.
According to your experience, how has this been solved, or what recommendations or workaround could be executed?
Thanks
Do you have overlapping routes? Try adjusting the metric for that route to 5.
To be clear, you're not seeing the SYN packets in the transmit stage? The flow is as follows, correct?

Remote client - VPN tunnel - firewall 1 - local switch - firewall 2 mgmt interface

If you're not seeing transmits, there may be a routing issue from fw1's dataplane towards fw2's mgmt subnet. Check the routing table/PBF policies to ensure traffic is directed towards the correct interface/next hop (these connections must flow through the dataplane onto the local network and cannot go through fw1's mgmt interface).
Hi Ana

Simply upgrading should not cause this issue, so there's a chance configuration was changed. First, verify if both sides still have appropriate routes pointed towards the tunnel interface to account for the remote subnet, then try to see if packets are flowing in both directions (set up a continuous ping for example and see if counters are increasing in one or both directions of the tunnel, and set a tcpdump on the second member management interface).

- Check if your management client IP is listed in the management port access list
- Check if security rules account for all the applications you want to allow (both from untrust and the vpn zone)
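
An added example, not part of any reply in this thread: a Python model of two checks the replies suggest, namely whether an overlapping route steals traffic for the remote admin subnet away from the tunnel interface, and whether the admin client is in the management access list. The route table, interface names, addresses and access list are constructed sample data, and route selection is simplified to longest prefix first, then lowest metric.

```python
import ipaddress

# Constructed sample data (assumption, not taken from the thread):
# (prefix, egress interface, metric) on the firewall terminating the tunnel.
ROUTES = [
    ("0.0.0.0/0",    "ethernet1/1", 10),  # default route
    ("10.50.0.0/16", "ethernet1/1", 8),   # overlapping route, lower metric
    ("10.50.0.0/16", "tunnel.1",    10),  # intended route via the S2S VPN
]
PERMITTED_IPS = ["10.50.0.0/16", "192.0.2.10/32"]  # management access list


def matching_routes(dest, routes):
    """Return every route whose prefix contains dest, best match first."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), iface, metric)
            for p, iface, metric in routes
            if addr in ipaddress.ip_network(p)]
    # Simplified selection: longest prefix wins, metric breaks ties.
    return sorted(hits, key=lambda r: (-r[0].prefixlen, r[2]))


def set_metric(routes, prefix, iface, metric):
    """Return a copy of routes with one route's metric changed."""
    return [(p, i, metric if (p, i) == (prefix, iface) else m)
            for p, i, m in routes]


def check_mgmt_path(client_ip, tunnel_if, routes, permitted):
    """Report where replies to client_ip egress and whether it is permitted."""
    hits = matching_routes(client_ip, routes)
    egress = hits[0][1] if hits else None
    addr = ipaddress.ip_address(client_ip)
    return {
        "egress": egress,
        "via_tunnel": egress == tunnel_if,
        # Routes competing at the winning prefix length (the overlap).
        "competing": [i for n, i, _ in hits
                      if n.prefixlen == hits[0][0].prefixlen],
        "permitted": any(addr in ipaddress.ip_network(p) for p in permitted),
    }


if __name__ == "__main__":
    print(check_mgmt_path("10.50.20.7", "tunnel.1", ROUTES, PERMITTED_IPS))
    fixed = set_metric(ROUTES, "10.50.0.0/16", "tunnel.1", 5)
    print(check_mgmt_path("10.50.20.7", "tunnel.1", fixed, PERMITTED_IPS))
```

With the sample table, replies to 10.50.20.7 leave through ethernet1/1 until the tunnel route's metric is lowered to 5, which matches the symptom of a working tunnel with no responses from the firewall.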