The MX is now in routed mode with the WAN interface connecting to the site to site and the LAN interface connected to the switch behind the Palo. The Palo now has all of the OSPF routes in the table and can ping hosts on the remote networks. However, I cannot access hosts via HTTPS, HTTP, ssl, etc. from the Palo network. I believe this is due to the fact that the subnet is not known to the remote networks because the MX will only advertise and not learn. According to the docs a static route is needed but I do not know where to add it.
... View more