Inbound NAT Policy with Outbound PBF Causing IP-Spoofing Drops

Created On 09/26/18 13:54 PM - Last Modified 06/13/23 13:44 PM


Issue

If a Policy Based Forwarding (PBF) rule is set up to route inside traffic out a primary interface, and the backup default route in the virtual router (VR) is configured with an interface, the return traffic (which is picked up by the PBF policy) may be blocked if the Spoofed IP protection option is selected in the Zone Protection Profile.

Resolution

Remove the interface from the default route (it is not a necessary option).
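The following audit sketch is an added example, not Palo Alto Networks code. It flags the combination described above (a PBF rule, a zone protection profile with spoofed-IP protection enabled, and a default route pinned to an interface). The XML element names and the sample config are constructed assumptions modeled on a PAN-OS config export and must be adapted to a real export.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are assumptions modeled on a PAN-OS
# XML config export; adjust the paths to match your own export.
SAMPLE = """
<config>
  <virtual-router>
    <entry name="default">
      <static-route>
        <entry name="backup-default">
          <destination>0.0.0.0/0</destination>
          <interface>ethernet1/2</interface>
          <nexthop><ip-address>198.51.100.1</ip-address></nexthop>
        </entry>
      </static-route>
    </entry>
  </virtual-router>
  <zone-protection-profile>
    <entry name="untrust-zpp"><discard-ip-spoof>yes</discard-ip-spoof></entry>
  </zone-protection-profile>
  <pbf><rules><entry name="inside-out-primary"/></rules></pbf>
</config>
"""

def audit(xml_text):
    """Return findings when all three conditions from the article are present."""
    root = ET.fromstring(xml_text)
    pbf_rules = [e.get("name") for e in root.findall("./pbf/rules/entry")]
    spoof_profiles = [
        e.get("name")
        for e in root.findall("./zone-protection-profile/entry")
        if (e.findtext("discard-ip-spoof") or "").strip() == "yes"
    ]
    pinned_defaults = [
        (vr.get("name"), r.get("name"), r.findtext("interface").strip())
        for vr in root.findall("./virtual-router/entry")
        for r in vr.findall("./static-route/entry")
        if (r.findtext("destination") or "").strip() == "0.0.0.0/0"
        and (r.findtext("interface") or "").strip()
    ]
    if not (pbf_rules and spoof_profiles):
        return []  # the drop scenario needs PBF and spoofed-IP protection
    return [
        f"VR {vr}: default route '{name}' is pinned to {ifc}; remove the interface"
        for vr, name, ifc in pinned_defaults
    ]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```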


owner: dburns


