How to make Router BGP ping into IP inside Palo Alto

Mikhailzd — Tue, 31 Mar 2026 04:22:47 GMT

Good Afternoon guys, how i could reach network 10.100.111.0/24 inside Palo Alto from Router BGP? i have success to get routing table of 10.100.111.0/24 from Router BGP, but unfortunately i can't ping into gateway of 10.100.111.252/24. How to solve this? Thank you

This is route inside Router BGP :

And this is Configuration Inside STL-CORE-01 :

STL-CORE-01#show running-config
Building configuration...

Current configuration : 3705 bytes
!
! Last configuration change at 04:18:40 UTC Tue Mar 31 2026
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname STL-CORE-01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
media-type rj45
negotiation auto
!
interface GigabitEthernet0/2
media-type rj45
negotiation auto
!
interface GigabitEthernet0/3
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0
no switchport
no ip address
duplex full
no negotiation auto
!
interface GigabitEthernet0/0.39
encapsulation dot1Q 39
ip address 10.200.200.137 255.255.255.248
!
interface GigabitEthernet1/0
switchport trunk allowed vlan 44
switchport trunk encapsulation dot1q
switchport mode trunk
media-type rj45
negotiation auto
!
interface GigabitEthernet1/1
media-type rj45
negotiation auto
!
interface GigabitEthernet1/2
media-type rj45
negotiation auto
!
interface GigabitEthernet1/3
media-type rj45
negotiation auto
!
interface Vlan44
ip address 10.200.200.193 255.255.255.248
!
router bgp 65549
bgp router-id 10.200.200.137
bgp log-neighbor-changes
redistribute connected route-map STATIC-TO-BGP
redistribute static
neighbor 10.200.200.140 remote-as 65550
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 10.32.4.0 255.255.255.0 10.200.200.194
ip route 10.100.111.0 255.255.255.0 10.200.200.194
!
!
!
ip prefix-list STATIC-TO-BGP seq 1 permit 10.200.200.192/29
!
route-map STATIC-TO-BGP permit 10
match ip address prefix-list STATIC-TO-BGP
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS *
* education. IOSv is provided as-is and is not supported by Cisco's *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any *
* purposes is expressly prohibited except as otherwise authorized by *
* Cisco in writing. *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

And this is the IP & Security inside PALOALTO :

Re: How to make Router BGP ping into IP inside Palo Alto

PavelK — Tue, 31 Mar 2026 05:28:46 GMT

Hello @Mikhailzd

Does management profile on Palo Alto's L3 interface allow ping? Here is a reference: How to Allow Ping and ICMP on Layer 3 Interface of Your Palo Alto Networks Device

Does Palo Alto has a route back to the switch?

Kind Regards

Pavel

Re: How to make Router BGP ping into IP inside Palo Alto

Mikhailzd — Tue, 31 Mar 2026 10:41:03 GMT

I'm sorry, it just the error from switch core image on STL-CORE-01. I'm using different image cisco and success to ping ptp ip paloalto from Router BGP. Thank you

topic Re: How to make Router BGP ping into IP inside Palo Alto in Next-Generation Firewall Discussions

How to make Router BGP ping into IP inside Palo Alto

Re: How to make Router BGP ping into IP inside Palo Alto

Re: How to make Router BGP ping into IP inside Palo Alto