Error When Using Dynamic-IP NAT to Access Web Portal Sites

Created On 09/26/18 13:55 PM - Last Modified 06/13/23 01:50 AM




Symptoms

When a source NAT rule uses dynamic-IP allocation, some Web portal links return an error response. In this specific case the user was able to log in to the PAN Support Portal, but received the following error when following the link to KnowledgePoint.

This issue can also occur with websites that go from HTTP to HTTPS.

[Screenshot of the error: KP.jpg]

Cause

This issue occurs when accessing websites that keep track of the source IP address of the connection. If part of the website is loaded from one public IP address while the rest is loaded from a different public IP address, the server might lose track of the session and return an error.

Resolution

Configuring the firewall to NAT using a single IP address will resolve this issue.

The following commands force the same public IP address for all connections originating from the same source IP address. To enable this feature:

> configure

# set setting nat reserve-ip yes

# set setting nat reserve-time (choose time value)

<1-604800> reserve time value in seconds

Commit the change
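The behavior described under Cause and the effect of the reserve setting can be reproduced with a small model. This is an added example, not Palo Alto Networks code: the allocation policy (lowest free address first), the sample addresses, and the names DynamicIpNat and portal_visit are assumptions, and reserve_time=0 stands for reserve-ip being disabled.

```python
# Simplified model of dynamic-IP source NAT (assumption, not the PAN-OS implementation).
class DynamicIpNat:
    def __init__(self, pool, reserve_time=0):
        self.pool = list(pool)
        self.reserve_time = reserve_time  # seconds; 0 models reserve-ip disabled
        self.active = {}    # private IP -> [public IP, open session count]
        self.reserved = {}  # private IP -> (public IP, reservation expiry time)

    def _free(self, now):
        # Drop expired reservations, then list pool addresses nobody holds.
        self.reserved = {s: (p, t) for s, (p, t) in self.reserved.items() if t > now}
        used = {p for p, _ in self.active.values()}
        used |= {p for p, _ in self.reserved.values()}
        return [p for p in self.pool if p not in used]

    def open_session(self, src, now):
        if src in self.active:              # mapping already in use: reuse it
            self.active[src][1] += 1
            return self.active[src][0]
        free = self._free(now)
        if src in self.reserved:            # address still reserved for this host
            pub = self.reserved.pop(src)[0]
        elif free:
            pub = free[0]                   # assumed policy: lowest free address
        else:
            raise RuntimeError("NAT pool exhausted")
        self.active[src] = [pub, 1]
        return pub

    def close_session(self, src, now):
        entry = self.active[src]
        entry[1] -= 1
        if entry[1] == 0:                   # last session gone: release or reserve
            del self.active[src]
            if self.reserve_time:
                self.reserved[src] = (entry[0], now + self.reserve_time)

def portal_visit(reserve_time):
    """Constructed scenario: log in, go idle, then follow a link to another part of the site."""
    nat = DynamicIpNat(["203.0.113.10", "203.0.113.11"], reserve_time)
    login_ip = nat.open_session("10.0.0.5", now=0)   # portal login
    nat.close_session("10.0.0.5", now=5)             # all of the user's sessions end
    nat.open_session("10.0.0.6", now=6)              # another host takes a pool address
    link_ip = nat.open_session("10.0.0.5", now=10)   # user follows the second link
    # The portal ties the web session to the source IP seen at login.
    return login_ip, link_ip, "OK" if link_ip == login_ip else "session error"

if __name__ == "__main__":
    print("reserve-ip off:", portal_visit(0))
    print("reserve-ip on :", portal_visit(3600))
```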

owner: panagent


