1) Yes that is vlan 12

Vlan IP address - 35.34.33.1

Vlan Host IP - 35.34.33.32

2) Yes it should because its the machine will on the same vlan 12 subnet

Currently I can't even ping my gateway from the host, using this static route

I am not clear where you are applying this route. And perhaps confused about what you are trying to accomplish with this route. Can you clarify this?

HTH

Rick

Richard I clicked the correct answer button wrong. 

I am applying this route to router, I want to route just one machine through the device for testing purpose.

Thanks for the clarification. The route that you are applying will not do what you want it to do. What that route will do is to say that to reach host 35.34.33.32 forward the packet to 64.65.66.68 which is the opposite direction from where the packet should go.

I am not entirely clear on what you are trying to accomplish in this testing. If I interpret the diagram correctly the router has only two interfaces, the interface where the host is connected and an interface leading to the Palo device.  If you want to test whether traffic from this host will be forwarded correctly the default route that you mention should be sufficient. All you need to do is to be sure that the host default gateway does point to this router and then generate some traffic.

If the intent of your test is to prevent traffic from any other host from being routed then you probably need an inbound access list which permits only the host you are testing with.

HTH

Rick

So..

My route actually should be 64.65.66.68 255.255.255.255 35.34.33.32 or what would that be?

Hi;

If you can't ping even gateway as you mentioned then it might be PC in not on Vlan12 or Switch to Router  Vlan 12 is not allowed?

Can you share you Router & Switch Configuration?

Thanks & Best regards;

Actually not being able to ping the host is easily explained when the route 35.34.33.32(Host) 255.255.255.255 64.65.66.68 is used. This route tells the router that to reach 35.34.33.32 it should forward traffic toward Palo which is the wrong direction.

HTH

Rick 

Hi Richard;

As we go to initial case noted where @CKluck001 already mentioned that he configured a default router toward paloalto on Router:

0.0.0.0 0.0.0.0 64.65.66.68

& on PaloAlto have the route of vlan12 (35.34.33.0/24) via 64.65.66.67.

Which seems to be not a routing issue. In 2nd post also @CKlick001 mentioned:

"Currently I can't even ping my gateway from the host". 

Which seems to be either host, switch port (is not configured on vlan 12) or port b/w Switch & Router vlan 12 is not allowed.

Thanks & Best regards;

You are certainly entitled to your own opinion about what is the nature of the problem. But in the original post in addition to the two routes that you mention the original poster also says this "I am trying the following 35.34.33.32(Host) 255.255.255.255 64.65.66.68 "

If vlan 12 is on interface FA0/0 and PaloAlto is on interface FA0/1 and if there is a static route for host 35.34.33.32 which says to get to that host use FA0/1 then in my experience this does create a routing problem. And the result of that routing problem is that attempts to ping 35.34.33.32 will fail because the ping packets are being forwarded out FA0/1.

HTH

Rick

I think I am now getting  what I am doing wrong. 

On The router I should have something along this line. 

99.99.99.0 255.255.255.0 64.65.66.68 

Actually for what you have in the picture you do not need that static route for 99.99.99.0. As long as you have the default route 0.0.0.0 0.0.0.0 64.65.66.68 your router will forward its outbound traffic to PaloAlto and your router does not need to know that PaloAlto will use 99.99.99.0 to get to the Internet.

This discussion has been through so many posts and suggestions that I would like to take a step back and ask for a fresh statement of what is the current problem. What is not working the way that you want it to work?

HTH

Rick

I would like route just machine, I would like just learn how to route one machine vs the whole entire subnet. 

Hi;

Can you confirm that following items:

1. Can PC on Vlan12 (35.34.33.12) can ping Router (35.34.33.1)? As you mentioned in old post that it's not working.

2. If PC ping the gateway then can you verify the PaloAlto firewall policy, whether it's allow or deny?

3. If PC can't ping the gateway then the issue either with PC or switch port (is not configured on vlan 12) or port b/w Switch & Router vlan 12 is not allowed.

Thanks & Best regards;