Palo Alto Networks Knowledgebase: Configuring the Palo Alto Networks Device as an IPSec Passthrough
Created On 02/07/19 23:54 PM - Last Updated 02/07/19 23:55 PM
This document describes how to configure the Palo Alto Networks firewall to behave as an IPSec passthrough between VPN terminating devices.
Configure a security policy to allow the "ipsec" application traffic between the tunnel endpoints. This enables the Palo Alto Networks firewall to act as a VPN passthrough for traffic between the VPN peers.
The screenshot below shows devices 198.51.100.1 and 203.0.113.1 (10.0.0.1 internally) as the VPN peers. The application, "ipsec", is specified under the Application column.
The ipsec application contains the following sub-apps:
The sub-apps above are allowed implicitly when the ipsec application is configured as allowed.
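The policy described above, written as PAN-OS configure-mode commands; this is an added example, not taken from the original article. The zone names (trust, untrust) and rule names are assumptions, as is the premise that this firewall performs the 203.0.113.1 to 10.0.0.1 translation; the lines starting with # are annotations and are not CLI input.

```text
# Added example. Assumed: zones "trust"/"untrust", rule names, and that this
# firewall NATs 203.0.113.1 to 10.0.0.1. Peer addresses are from the article.

# Outbound: the internal peer initiates the tunnel to the remote peer.
set rulebase security rules IPSec-Passthrough-Out from trust to untrust source 10.0.0.1 destination 198.51.100.1 application ipsec service application-default action allow log-end yes

# Inbound: the remote peer initiates. The security rule matches the pre-NAT
# destination address (203.0.113.1) together with the post-NAT zone (trust).
set rulebase security rules IPSec-Passthrough-In from untrust to trust source 198.51.100.1 destination 203.0.113.1 application ipsec service application-default action allow log-end yes
```

Scoping both rules to the two peer addresses, the ipsec application and application-default keeps the passthrough from also admitting unrelated traffic between the same zones, and log-end records each session for later review.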