VPN users can’t access the AWS tunnel: sessions show aged-out

Situation: The client has a Palo Alto firewall running GlobalProtect VPN and a site-to-site VPN tunnel to AWS. Users in the office can reach the AWS tunnel, but GlobalProtect VPN users cannot.

Troubleshooting:

1. Monitor shows the VPN users’ sessions ending as aged-out.

2. The session detail view shows bytes received is 0, so packets are leaving the firewall toward AWS but nothing is coming back.

Conclusion: The AWS side is dropping traffic from the VPN client IP addresses (it has no route back to them), which is why no bytes are received and the sessions age out. Have the AWS side configure a route for the VPN client IP address range.
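The aged-out / zero-bytes-received signature above can be pulled out of a traffic log export instead of being read session by session. The script below is an added example, not from the original post; it assumes a CSV export with the column names shown, constructed sample rows, and assumed address ranges for the office LAN, the GlobalProtect client pool and the AWS side of the tunnel.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample rows in the shape of a Monitor > Traffic export.
# The column names are an assumption made for this example.
SAMPLE_LOG = """source,destination,bytes_received,session_end_reason
192.168.10.25,10.50.0.10,4120,tcp-fin
192.168.10.31,10.50.0.10,980,tcp-fin
172.16.200.7,10.50.0.10,0,aged-out
172.16.200.9,10.50.0.10,0,aged-out
172.16.200.7,192.168.10.5,2210,tcp-fin
"""

# Assumed ranges: office LAN, GlobalProtect client pool, AWS side of the tunnel.
OFFICE_NET = ipaddress.ip_network("192.168.10.0/24")
VPN_POOL = ipaddress.ip_network("172.16.200.0/24")
AWS_NET = ipaddress.ip_network("10.50.0.0/16")

def classify_source(addr):
    ip = ipaddress.ip_address(addr)
    if ip in VPN_POOL:
        return "vpn"
    return "office" if ip in OFFICE_NET else "other"

def one_way_sessions(log_text):
    """Count sessions toward AWS_NET per source class: 'one_way' when the
    session aged out with zero bytes received (nothing ever came back)."""
    summary = defaultdict(lambda: {"ok": 0, "one_way": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        if ipaddress.ip_address(row["destination"]) not in AWS_NET:
            continue  # only traffic headed into the AWS tunnel matters here
        src = classify_source(row["source"])
        aged_out = row["session_end_reason"] == "aged-out"
        if aged_out and int(row["bytes_received"]) == 0:
            summary[src]["one_way"] += 1
        else:
            summary[src]["ok"] += 1
    return dict(summary)

def diagnose(summary):
    """Office sessions get replies but every VPN-pool session is one-way:
    the far side is dropping, or has no route for, the VPN client addresses."""
    office, vpn = summary.get("office", {}), summary.get("vpn", {})
    if office.get("ok") and vpn.get("one_way") and not vpn.get("ok"):
        return "remote side not returning traffic to VPN pool"
    return "no one-way pattern isolated to VPN pool"
```

Run `diagnose(one_way_sessions(SAMPLE_LOG))` against a real export (with the column names adjusted) to confirm the problem is isolated to the VPN pool before asking the AWS side to change its routing.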

Palo Alto firewall Monitor doesn’t show the traffic

Situation: The client configured the Palo Alto firewall to allow VPN users to access the AWS tunnel. However, the home VPN users still can’t reach the AWS tunnel, and Monitor doesn’t show any of their traffic at all.

Troubleshooting: Because Monitor shows nothing, the traffic is never reaching the firewall: the GlobalProtect client is not sending the AWS destinations into the tunnel. Configure the GlobalProtect Gateway so that the AWS tunnel’s IP addresses are included in the client’s access routes; once they are, the client sends that traffic through the VPN and the firewall can forward it into the IPSec tunnel. Please refer to this post: Configure Paloalto Firewall to allow VPN users accessing another IPSec Tunnel