https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16382#M11958 <HTML><HEAD></HEAD><BODY><P>Hi Sue,</P><P></P><P>In order to ping the firewall's interface, you'll need to attach a management profile allowing ping.&nbsp; Create a new management profile with ping enabled on the Network Tab &gt; Network Profiles &gt; Interface Mgmt page and then select this management profile on ethernet1/2's interface configuration page.</P><P></P><P>When you perform the ping operation on the firewall, be sure to specify the source interface IP address that is capable of reaching the switch's IP of 10.130.8.20.&nbsp; So the command would be "ping source 10.130.8.25 host 10.130.8.20".&nbsp; Without specifying a source, the firewall will default to using the IP address assigned to the dedicated management port.&nbsp; I'm guessing that your management port cannot reach the 10.130.8.0/24 subnet.</P><P></P><P>Thanks,</P><P>Nick Campagna</P></BODY></HTML> Fri, 10 Feb 2012 18:37:36 GMT ncampagna 2012-02-10T18:37:36Z https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16380#M11956 <HTML><HEAD></HEAD><BODY><P>Hi</P><P>gotta really wierd problem...</P><P>PA 200</P><P>configured for DHCP</P><P>eth1/2 Layer 3 IP address 10.130.8.25/24</P><P>default route via eth 1/2</P><P>eth1/2 connected to port on CISCO 2960S switch</P><P>PC connected to port on same CISCO 2960S switch</P><P>IP config IP Address. . . . . . . . . . . . : 10.130.8.151</P><P>Subnet Mask . . . . . . . . . . . : 255.255.255.0</P><P>Default Gateway . . . . . . . . . : 10.130.8.25</P><P>Switch config..... interface Vlan1 ip address 10.130.8.20 255.255.255.0</P><P>and also ip default-gateway 10.130.8.25</P><P>all interfaces are in this default vlan1</P><P>PC gets IP address from PA ok</P><P>PC can ping switch IP 10.130.8.20</P><P>PC cannot ping PA eth 1/2 10.130.8.25</P><P>PA has 1 rule ANY ANY ALLOW</P><P>COnsole access to PA and cannot ping switch at 10.130.8.20</P><P>LAN does not seem to be up in PA 200....</P><P>appreciate any help...problem is driving me insane</P><P>thanks</P></BODY></HTML> Fri, 10 Feb 2012 13:01:25 GMT https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16380#M11956 sue_town 2012-02-10T13:01:25Z https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16381#M11957 <HTML><HEAD></HEAD><BODY><P>Have you done a debug icmp trace on the cisco switch to see if the packets are making it to the switch? make sure to do a term mon and logging console or monitor on the cisco switch.</P><P></P><P>change the rule on the pa to deny any any and then check the PA traffic log to see if it's registering ICMP requests from your PC or Switch.</P><P></P><P>Rod</P></BODY></HTML> Fri, 10 Feb 2012 14:10:06 GMT https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16381#M11957 djrodb 2012-02-10T14:10:06Z https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16382#M11958 <HTML><HEAD></HEAD><BODY><P>Hi Sue,</P><P></P><P>In order to ping the firewall's interface, you'll need to attach a management profile allowing ping.&nbsp; Create a new management profile with ping enabled on the Network Tab &gt; Network Profiles &gt; Interface Mgmt page and then select this management profile on ethernet1/2's interface configuration page.</P><P></P><P>When you perform the ping operation on the firewall, be sure to specify the source interface IP address that is capable of reaching the switch's IP of 10.130.8.20.&nbsp; So the command would be "ping source 10.130.8.25 host 10.130.8.20".&nbsp; Without specifying a source, the firewall will default to using the IP address assigned to the dedicated management port.&nbsp; I'm guessing that your management port cannot reach the 10.130.8.0/24 subnet.</P><P></P><P>Thanks,</P><P>Nick Campagna</P></BODY></HTML> Fri, 10 Feb 2012 18:37:36 GMT https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16382#M11958 ncampagna 2012-02-10T18:37:36Z https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16383#M11959 <HTML><HEAD></HEAD><BODY><P>thanks Nick - I had overlooked that...</P><P>Sue</P></BODY></HTML> Mon, 13 Feb 2012 14:24:08 GMT https://live.paloaltonetworks.com/t5/general-topics/lan-issue-with-pa200/m-p/16383#M11959 sue_town 2012-02-13T14:24:08Z