https://live.paloaltonetworks.com/t5/general-topics/ping-thru-device-and-static-route-qestion/m-p/21858#M15963 <HTML><HEAD></HEAD><BODY><P>1. Your ping is failing because your interface isn't connected to anything. If you're sourcing your ping from Ethernet1/2, which is showing as configured but down, there is no way it could work. Even though your default gateway is set to use Eth1/1, since that interface is legitimately down, the packet cannot be sent using that interface. It works without specifying the interface because it uses the management interface as you guessed.</P><P>2. Since your Ethernet1/1 (ISP interface) is DHCP, the default gateway is configured by your ISP and there is no need to configure the 0.0.0.0/0 route on Eth1/1. You can remove that static route from your virtual router since it is not needed.</P><P></P><P>Regards,</P><P>Greg</P></BODY></HTML> Thu, 02 Apr 2015 18:58:18 GMT gwesson 2015-04-02T18:58:18Z https://live.paloaltonetworks.com/t5/general-topics/ping-thru-device-and-static-route-qestion/m-p/21857#M15962 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>i have one 2050n device in my lab; device is running 4.1.6.</P><P>Interface 1/1 is configured for as dhcp client and i am able to ping update server and obtain dynamic updates. I have no devices/clients connected to inside LAN. Inside lan is on ethernet 1/2.</P><P>Interfaces 1/2 and 1/1 are setup for L3, zone is default (trust/untrust) with interface assigned to appropriate zones.</P><P>i setup ethernet 1/2 with ip address of internal LAN (10.1.1.1/24) but it is not physically connected to any switch or other devices. it shows interface 1/2 is configured but down (red link state).</P><P>Security policy is to allow any any from trust to untrust.</P><P>Virtual router is setup with default settings, both interfaces (1/1 and 1/2) are in virtual router, static route is setup for destination 0.0.0.0/0 on interface 1/1. If i try to enter default gateway in static route as a next hop, the commit is failing. Only way to get commit not to fail is to have Next hop - None. </P><P>Question 1:</P><P>i tried to use ping command from PAN CLI and not getting any response if i do following:</P><P><STRONG>ping source 10.1.1.1 host 8.8.8.8</STRONG></P><P>if i do <STRONG>ping host 8.8.8.8</STRONG> = ping is fine (i am guessing in this case source is management interface)</P><P>Why i am unable to ping using source interface of 10.1.1.1?</P><P></P><P>Question 2: </P><P>Is there are a reason why commit is failing when adding static route to use default gateway provided by ISP?</P><P></P><P>Thanks for your responses.</P></BODY></HTML> Mon, 30 Mar 2015 21:53:23 GMT https://live.paloaltonetworks.com/t5/general-topics/ping-thru-device-and-static-route-qestion/m-p/21857#M15962 Dragan 2015-03-30T21:53:23Z https://live.paloaltonetworks.com/t5/general-topics/ping-thru-device-and-static-route-qestion/m-p/21858#M15963 <HTML><HEAD></HEAD><BODY><P>1. Your ping is failing because your interface isn't connected to anything. If you're sourcing your ping from Ethernet1/2, which is showing as configured but down, there is no way it could work. Even though your default gateway is set to use Eth1/1, since that interface is legitimately down, the packet cannot be sent using that interface. It works without specifying the interface because it uses the management interface as you guessed.</P><P>2. Since your Ethernet1/1 (ISP interface) is DHCP, the default gateway is configured by your ISP and there is no need to configure the 0.0.0.0/0 route on Eth1/1. You can remove that static route from your virtual router since it is not needed.</P><P></P><P>Regards,</P><P>Greg</P></BODY></HTML> Thu, 02 Apr 2015 18:58:18 GMT https://live.paloaltonetworks.com/t5/general-topics/ping-thru-device-and-static-route-qestion/m-p/21858#M15963 gwesson 2015-04-02T18:58:18Z