topic Re: Management Interface and In Band Network Overlap in Next-Generation Firewall Discussions

Management Interface and In Band Network Overlap

NSutfin — Mon, 13 Nov 2023 14:30:25 GMT

Hello,

I have the management interface of some PAs in the 10.10.10.0/24 management network. This is the a corporate management network for network devices etc. I also want to inspect traffic on this network and have assigned a interface/security zone with the default gateway for the management network on the PAs. I am having trouble getting the routing to work inband vs default management route. the fib takes traffic destined for the network devices and sends down the management interface. I have included a simple network diagram.Any ideas on how to accomplish this?

Thank you

Re: Management Interface and In Band Network Overlap

rmfalconer — Mon, 13 Nov 2023 16:50:11 GMT

That doesn't seem possible since the management interface isn't bound to a virtual router and e1.10 should be.

Can you provide output on the mgmt interface configuration and the routing table output that shows the traffic flow?

Re: Management Interface and In Band Network Overlap

NSutfin — Tue, 16 Jul 2024 13:20:11 GMT

I ended up creating a separate p2p interface for the management interface. I thought about running it through another PA but after thinking about it, I wouldn't want a scenario where the other PA was blocking access to the management of the device for some reason. Likewise with the FW inspecting its own flow to the mgt interface could cause traffic interuptions.