Configuring the Palo Alto Networks Device as an IPSec Passthrough
Created On 09/25/18 17:27 PM - Last Updated 11/19/19 05:19 AM
Exception : PA-7000, PA-5200 and PA-3200 series
On PA-7000, PA-5200 and PA-3200 series, due to an architectural difference, we use a different technique for session creation of IPSec pass-through traffic.
Security policies must be configured to allow pass-through ESP traffic in both directions on PA-7000, PA-5200 and PA-3200 series platforms.
Please refer to this article.