Score:0

GCP site-to-site VPN traffic through Palo Alto

I'm looking for some direction. Has anyone implemented the use case described in the lab "Palo Alto Networks: VM-Series Advanced Deployment" with a site-to-site VPN to on-prem?

Question: in which VPC did you terminate the VPN traffic so that both the inbound and the outbound traffic pass through the firewall?

I terminated it in a VPC other than the firewall's, in a peered GCP hub-and-spoke; now both inbound and outbound traffic are bypassing the firewall.

Another approach that I took, which failed:

Make an internal load balancer in the untrusted VPC, terminate the VPN traffic in the untrusted VPC, and pipe the inbound traffic through this ILB to the backend service (PAN) instances. The problem with this approach is that the internal load balancer is failing its backend health check. The reason is that I'm unable to add the GCP health check source IP range to the untrusted NIC, since the route has to be unique.

Has anyone implemented something similar? Can you share some thoughts and ideas?

mangohost
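The failing health check in the second approach comes down to routing symmetry on a multi-NIC appliance: Google's load balancer probes arrive from 35.191.0.0/16 and 130.211.0.0/22, and if the firewall's routing table sends the reply out a different interface than the probe came in on, the backend never goes healthy. A single table can hold only one route per destination prefix, so once those ranges point at the trust interface (for an ILB in the trusted VPC) they cannot also point at the untrust interface. The model below is an added example, not code from the lab or from Palo Alto Networks; the interface names (ethernet1/1 as untrust, ethernet1/2 as trust), gateway addresses and subnets are constructed, and the "one routing table per interface" arrangement in the second scenario is an assumption about what the appliance can do (on PAN-OS, separate virtual routers would be one way to get it). Separately from routing, the untrusted VPC still needs an ingress firewall rule that allows those two source ranges to reach the NIC.

```python
"""Why GCP load-balancer health checks fail on a multi-NIC firewall when the
probe reply leaves by a different interface than the probe arrived on.
Added example; not code from the referenced lab or from Palo Alto Networks."""

import ipaddress
from dataclasses import dataclass, field

# Source ranges Google documents for load-balancer health-check probes.
HEALTH_CHECK_RANGES = (
    ipaddress.ip_network("35.191.0.0/16"),
    ipaddress.ip_network("130.211.0.0/22"),
)


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str   # interface the packet leaves on
    next_hop: str


@dataclass
class RoutingTable:
    """One routing table (for example one PAN-OS virtual router).
    Like the real thing it holds at most one route per destination prefix."""
    routes: dict = field(default_factory=dict)

    def add(self, prefix, interface, next_hop):
        net = ipaddress.ip_network(prefix)
        if net in self.routes:
            raise ValueError(f"duplicate route for {net}: already via "
                             f"{self.routes[net].interface}")
        self.routes[net] = Route(net, interface, next_hop)
        return self

    def lookup(self, dst):
        """Longest-prefix match; None when no route covers dst."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes.values() if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def reply_is_symmetric(table, ingress_iface, probe_src):
    """The probe arrived on ingress_iface; the reply must leave by the same
    interface, otherwise the load balancer never sees it."""
    route = table.lookup(probe_src)
    return route is not None and route.interface == ingress_iface


def health_check_passes(table, ingress_iface):
    """True if probes from every documented range get a symmetric reply path.
    Sampling the first and last host of each range is enough for static routes."""
    samples = []
    for net in HEALTH_CHECK_RANGES:
        samples.append(str(net.network_address + 1))
        samples.append(str(net.broadcast_address - 1))
    return all(reply_is_symmetric(table, ingress_iface, s) for s in samples)


def single_table_scenario():
    """Constructed: one table with the default route out untrust (ethernet1/1)
    and the probe ranges already pointed at trust (ethernet1/2) for an ILB in
    the trusted VPC. The same prefixes cannot be added again for untrust."""
    t = RoutingTable()
    t.add("0.0.0.0/0", "ethernet1/1", "10.0.1.1")     # untrust default route
    t.add("10.0.0.0/8", "ethernet1/2", "10.0.2.1")    # on-prem and spokes via trust
    for net in HEALTH_CHECK_RANGES:
        t.add(str(net), "ethernet1/2", "10.0.2.1")    # probes for the trust-side ILB
    try:
        t.add("35.191.0.0/16", "ethernet1/1", "10.0.1.1")
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return {
        "trust_hc": health_check_passes(t, "ethernet1/2"),
        "untrust_hc": health_check_passes(t, "ethernet1/1"),
        "duplicate_rejected": duplicate_rejected,
    }


def per_interface_scenario():
    """Constructed: one table per interface (assumption: the appliance supports
    this). Each table routes the probe ranges back out its own interface, so
    ILBs on both sides of the firewall get symmetric replies."""
    untrust = RoutingTable().add("0.0.0.0/0", "ethernet1/1", "10.0.1.1")
    trust = RoutingTable().add("10.0.0.0/8", "ethernet1/2", "10.0.2.1")
    for net in HEALTH_CHECK_RANGES:
        untrust.add(str(net), "ethernet1/1", "10.0.1.1")
        trust.add(str(net), "ethernet1/2", "10.0.2.1")
    return {
        "trust_hc": health_check_passes(trust, "ethernet1/2"),
        "untrust_hc": health_check_passes(untrust, "ethernet1/1"),
    }


if __name__ == "__main__":
    print("single table:", single_table_scenario())
    print("per interface:", per_interface_scenario())
```

Running it shows the first scenario passing the trust-side check and failing the untrust-side one, with the second route for 35.191.0.0/16 rejected as a duplicate, which is the symptom described in the post; the per-interface scenario passes both.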
