
Network Problem!!!!

Last Modified: 2013-11-18
I have a remote clinic that can't connect to a certain web-based application on the wired network. However, this clinic can connect via the wireless guest network. I don't see any access-list that explicitly blocks the public IP address of the web-based application. I can ping the application and traceroute out to the web-based application's network.

I contacted the Palo Alto firewall team and they stated they don't see the public IP addresses of the web-based app traversing the firewall.

The clinic can access all other web-sites and intranet sites.  

My core switch, which is in the DMZ, forwards outbound internet traffic through a Palo Alto firewall.  Traffic leaves the firewall and goes through another switch which has a connection out to the internet.

Does anyone have any ideas????

Author

Commented:
I did traceroutes and the packets are dropping out in the web-based application's network. I will check MTU and get back to you.

Author

Commented:
MTU is set at 1500 on the core switch.  No MTU information is available on the INET switch, which is the switch that connects to the internet.  I don't have the rights to check the Palo Alto settings.
Fred Marshall, Principal
CERTIFIED EXPERT
Commented:

Author

Commented:
It's an MPLS connection back to the main hub. Wired means LAN.
Akinsd, Network Administrator
Commented:
Fred Marshall, Principal
CERTIFIED EXPERT
Commented:

Author

Commented:
All the remote sites' wireless APs connect back to the WLC at the hub via MPLS. All sites broadcast the same SSIDs.
Fred Marshall, Principal
CERTIFIED EXPERT
Commented:

Author

Commented:
The wireless has nothing to do with the underlying issue. The issue is I can't connect to a web-based application via the LAN. Don't focus so much on the wireless.
Akinsd, Network Administrator
Commented:

Author

Commented:
Yes, I've traced out and pinged to the web-based application's public IP address, which means I have routes out and back. The problem must be that the firewall is allowing ICMP but not HTTPS to this site.
Principal
CERTIFIED EXPERT
Commented:

Author

Commented:
The issue was in the Palo Alto.
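
A staged probe for the symptom discussed in this thread (ping and traceroute succeed, HTTPS does not), added here as an example and not posted by anyone in the thread. It separates a silently dropped TCP/443 connection from an active reject and from a TLS handshake that stalls after TCP connects (the MTU question raised above); the result labels are hypothetical and the target hostname is passed on the command line.

```python
import socket
import ssl
import sys

def probe_tcp(host, port=443, timeout=5.0):
    """TCP connect only: 'open', 'refused' (RST came back), 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"            # SYN or SYN/ACK silently dropped on the path
    except ConnectionRefusedError:
        return "refused"            # something answered with a reset
    except OSError:
        return "error"              # DNS failure, no route, etc.

def probe_tls(host, port=443, timeout=5.0):
    """TLS handshake over a fresh TCP connection: 'ok', 'stalled' or 'tls_error'."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except socket.timeout:
        return "stalled"            # no handshake reply: MTU/PMTUD loss or inspection
    except OSError:                 # ssl.SSLError is a subclass of OSError
        return "tls_error"

def diagnose(icmp_ok, tcp, tls=None):
    """Map probe results to where to look next (hypothetical labels)."""
    if tcp == "open":
        return {"ok": "https_ok", "stalled": "tls_stall"}.get(tls, "tls_error")
    if tcp == "timeout":
        return "l4_drop_icmp_allowed" if icmp_ok else "no_path"
    if tcp == "refused":
        return "l4_reject"
    return "lookup_or_route_error"

if __name__ == "__main__" and len(sys.argv) > 1:
    host = sys.argv[1]              # hostname of the application (placeholder)
    tcp = probe_tcp(host)
    tls = probe_tls(host) if tcp == "open" else None
    # icmp_ok=True mirrors the thread: ping and traceroute already succeed
    print(host, tcp, tls, diagnose(True, tcp, tls))
```

Running it from a wired client and from a guest-wireless client gives two results to compare; `l4_drop_icmp_allowed` on the wired side only points at a device on that path treating TCP/443 to this destination differently from ICMP.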