https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550892#M112249 <P>Hello</P> <P><SPAN>You are facing connectivity issues while trying to manage the VM Firewall via the MPLS interface (eth1/1). Check VLAN configuration, physical connectivity, IP settings, and ARP. Ensure proper routing, firewall rules, and next-hop device configuration. Involve your ISP or network administrator if needed. Seek guidence from&nbsp;<A href="https://live.paloaltonetworks.com/t5/network-security/" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/network-security/</A></SPAN></P> Tue, 25 Jul 2023 10:13:50 GMT stevediaz 2023-07-25T10:13:50Z https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550631#M112230 <P>Hi All,</P> <P>I am configuring the VM Firewall. I will not be able to manage the Firewall with the Mgmt Interface as customer has restricted only internet access and MPLS access. So decided to manage it via MPLS interface.</P> <P>There are 3 network adapters in ESXi host as per KB.</P> <P>1 - Mgmt</P> <P>2 - eth1/1</P> <P>3 - eth1/2</P> <P>&nbsp;</P> <P>Initially i configured eth1/1 with the /29 subnet and assigned the default VR. Created a Zone and assigned it as well.&nbsp;</P> <P>I can see the eth1/1 interface is up but unable to see any arp entries learning.</P> <P>Created a default route 0.0.0.0 pointing to the next hop address in the same /29 subnet.</P> <P>Example: 10.10.10.1/29 - FW</P> <P>10.10.10.2/29 - Nexthop</P> <P>&nbsp;</P> <P>I am unable to ping the nexthop. not able to see the arp. Tried pinging from the source as 10.10.10.1 host 10.10.10.2 still getting the error Network not reachable.&nbsp;</P> <P>&nbsp;</P> <P>Am i missing something here? Please suggest.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Sanjay S</P> Mon, 24 Jul 2023 12:24:00 GMT https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550631#M112230 Sanjay_Ramaiah 2023-07-24T12:24:00Z https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550669#M112238 <P>Hello there</P> <P>&nbsp;</P> <P>What does your security policy look like?&nbsp;&nbsp; What does your Traffic Log show?&nbsp; <BR /><BR />When you went into CLI to do your ping, what was your exact syntax?<BR />Does it match "<STRONG>ping source 10.10.10.1 host 10.10.10.2</STRONG>"?<BR /><BR />By default, the pings come from the management interface.<BR /><BR />Let us know how else we can assist?</P> Mon, 24 Jul 2023 16:12:06 GMT https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550669#M112238 S.Cantwell 2023-07-24T16:12:06Z https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550787#M112247 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/113304">@S.Cantwell</a>&nbsp;thank you for looking into this.</P> <P>Yes this is the format i am using&nbsp;<SPAN>"</SPAN><STRONG>ping source 10.10.10.1 host 10.10.10.2</STRONG><SPAN>"</SPAN></P> <P>Also ACL, by default intrazone is ANY allowed right so did not create any additional rule.</P> <P>I am not much familiar with CLI captures in Palo what would be the best wat to capture please suggest.</P> <P>My only concern is even after adding the default route it says network not reachable for the Default Gateway itself.</P> <P>Regards,</P> <P>Sanjay S</P> Tue, 25 Jul 2023 05:02:48 GMT https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550787#M112247 Sanjay_Ramaiah 2023-07-25T05:02:48Z https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550892#M112249 <P>Hello</P> <P><SPAN>You are facing connectivity issues while trying to manage the VM Firewall via the MPLS interface (eth1/1). Check VLAN configuration, physical connectivity, IP settings, and ARP. Ensure proper routing, firewall rules, and next-hop device configuration. Involve your ISP or network administrator if needed. Seek guidence from&nbsp;<A href="https://live.paloaltonetworks.com/t5/network-security/" target="_blank" rel="noopener">https://live.paloaltonetworks.com/t5/network-security/</A></SPAN></P> Tue, 25 Jul 2023 10:13:50 GMT https://live.paloaltonetworks.com/t5/general-topics/vm-firewall-setup/m-p/550892#M112249 stevediaz 2023-07-25T10:13:50Z