Inbound NAT Policy with Outbound PBF Causing IP-Spoofing Drops

Created On 09/26/18 13:54 PM - Last Modified 02/07/19 23:41 PM


Issue

If a Policy Based Forwarding (PBF) rule is set up to route inside traffic out a primary interface, and the backup default route in the virtual router (VR) is configured with an interface, the return traffic (which is picked up by the PBF policy) may be blocked if the Spoofed IP protection option is selected in the Zone Protection Profile.

Resolution

Remove the interface from the default route (it is not a necessary option).
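
The resolution above expressed as PAN-OS CLI commands, as an added example that is not part of the original article. The virtual router name `default`, route name `backup-default`, interface `ethernet1/2` and next hop `203.0.113.1` are constructed placeholders; substitute the values from your own configuration.

```text
# Constructed values: virtual router "default", route "backup-default",
# interface ethernet1/2, next hop 203.0.113.1.

# Before (configure mode): backup default route pinned to an egress interface
set network virtual-router default routing-table ip static-route backup-default destination 0.0.0.0/0 interface ethernet1/2 nexthop ip-address 203.0.113.1

# After (configure mode): remove only the interface, keeping the next hop
delete network virtual-router default routing-table ip static-route backup-default interface
commit

# Operational mode: confirm the spoofing drop counter has stopped incrementing
show counter global | match spoof
```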


owner: dburns


