PBF Rule Does Not Match Traffic to or from the Firewall Directly

PBF Rule Does Not Match Traffic to or from the Firewall Directly

0
Created On 09/25/18 18:51 PM - Last Modified 07/19/22 23:09 PM


Resolution


Issue

The PBF Rule does not match traffic to or from the firewall directly.

Resolution:

This is normal behavior, an ANY traffic that is sourced from the Palo Alto Netowrks firewall or sent directly to sslvpn/ipsec/gp/etc will skip the PBF lookup and use the routing table.

Note: Due to this behavior, do not use a ping sourced from the device to test PBF functionality. The packet has to ingress one of the firewall interfaces.

owner: dburns
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRHCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail