Error When Using Dynamic-IP NAT to Access Web Portal Sites
Symptoms
When using source NAT with dynamic-IP allocation, an error response is received on some Web portal links. In this specific case, the user was able to log in to the PAN Support Portal but received the following error when following the link to KnowledgePoint.
This issue can also occur with websites that go from HTTP to HTTPS.
Cause
This issue occurs when accessing websites that keep track of the source IP address of the connection. If part of the website was loaded with one public IP address while the rest was loaded using a different public IP address, the server might lose track of the session and return an error.
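To confirm this cause from traffic logs, the following added example (not part of the original article) flags internal hosts whose translated source address changed within a short window. The CSV column names, the 30-minute window and the sample rows are assumptions constructed for illustration, not a PAN-OS export format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: time, internal source IP, translated (NAT) source IP, destination.
# Column names are assumptions for this example, not a PAN-OS log export format.
SAMPLE_LOG = """\
time,src,nat_src,dst
2024-05-01 09:00:01,10.1.1.20,203.0.113.11,198.51.100.5
2024-05-01 09:00:40,10.1.1.20,203.0.113.11,198.51.100.5
2024-05-01 09:03:10,10.1.1.20,203.0.113.14,198.51.100.7
2024-05-01 09:00:05,10.1.1.31,203.0.113.12,198.51.100.5
2024-05-01 09:04:00,10.1.1.31,203.0.113.12,198.51.100.5
2024-05-01 09:00:00,10.1.1.44,203.0.113.13,198.51.100.9
2024-05-01 11:30:00,10.1.1.44,203.0.113.15,198.51.100.9
"""

def find_nat_flips(log_text, window=timedelta(minutes=30)):
    """Return (src, old_nat, new_nat, gap_seconds) for each change of translated
    address by the same internal host within `window` of its previous connection."""
    # Timestamps in this format sort correctly as strings.
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    last_seen = {}  # src -> (timestamp, nat_src) of that host's previous connection
    flips = []
    for row in rows:
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        prev = last_seen.get(row["src"])
        if prev and prev[1] != row["nat_src"] and ts - prev[0] <= window:
            gap = int((ts - prev[0]).total_seconds())
            flips.append((row["src"], prev[1], row["nat_src"], gap))
        last_seen[row["src"]] = (ts, row["nat_src"])
    return flips

if __name__ == "__main__":
    for src, old, new, gap in find_nat_flips(SAMPLE_LOG):
        print(f"{src}: translated address changed {old} -> {new} after {gap}s")
```

A host that appears here while a user reports portal errors is a candidate for the address-reservation setting; a host whose address changed only after a long idle gap (10.1.1.44 in the sample) is not flagged.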
Resolution
Configuring the firewall to NAT using a single IP address will resolve this issue.
The following commands force the same public IP address to be used for all connections originating from the same source IP address. To enable this feature:
> configure
# set setting nat reserve-ip yes
# set setting nat reserve-time (choose time value)
<1-604800> reserve time value in seconds
Commit the change.
owner: panagent