topic Re: Shutdown/Disable MGMT interface due to DNS issues in General Topics

Shutdown/Disable MGMT interface due to DNS issues

TheRealDiz — Fri, 23 Mar 2018 15:17:56 GMT

Hi Guys,

I got a simple question for you:

Is it possible to literally disable/shutdown mgmt interface, via CLI or webUI, in a VM enviroment when is not needed?

I notice a DNS issue after we have deleted the IP address assigned to the MGMT interface via cli with command:

"delete deviceconfig system ip-address"

Obviously we have made PA reachable from another interface ethernet1/1, configuring every "service route configuration" on this specific ethernet1/1.

Unfortunately DNS queries were not working properly even if service route configuration was set on ethernet1/1.

I configured fake IP address on MGMT interface.. and guess what happened? DNS queries start working properly.

From my point of view this kind of command "delete deviceconfig system ip-address" should be banned haha 🙂

In order to avoid future issues, is there a way to clean the entire mgmt configuration or literally shut down it?

Bye

Luca

Re: Shutdown/Disable MGMT interface due to DNS issues

BPry — Fri, 23 Mar 2018 18:41:04 GMT

@TheRealDiz,

I don't believe that you can actually disable the port completely. You can disable it to the point where it's essentially a nothing port, but I think it'll always be 'enabled'. Which is kind of odd, because it makes it seem like you can disable it completely in the GUI?

Re: Shutdown/Disable MGMT interface due to DNS issues

Raido_Rattameister — Fri, 23 Mar 2018 19:33:52 GMT

In VM environment uncheck "Connected" and "Connect at power on" in VM setting on Network adapter 1.

Network adapter 1 - Palo mgmt

Network adapter 2 - ethernet1/1

etc...

Re: Shutdown/Disable MGMT interface due to DNS issues

TheRealDiz — Tue, 10 Apr 2018 10:03:58 GMT

Hi @BPry,

Thank you for your reply! Sorry for the wait I was very busy during these week.

Via GUI there was no way to disable mgmt interface but via CLI was possible to issue command mentioned in my post.

It has caused some strange issues with DNS, PA-VM sometimes was able to solve domains and sometimes not.

That's why I'm asking if there is a way to disable mgmt interface or leaves it without IP when is not needed.

Luca

Re: Shutdown/Disable MGMT interface due to DNS issues

TheRealDiz — Tue, 10 Apr 2018 12:39:39 GMT

Hi @Raido_Rattameister,

I know I've seen what you described, infact starting from this mechanism (NIC0 = mgmt NIC1= eth1 etc. ...) my question is if it's possible to disable mgmt interface when is not needed.

But no problem guys at the end I have basically assigned to mgmt a non-used IP 2.2.2.2 and I have finalized my configuration on eth1 🙂

Thanks for your reply!

Luca

Re: Shutdown/Disable MGMT interface due to DNS issues

BPry — Tue, 10 Apr 2018 18:07:16 GMT

@TheRealDiz,

Just FYI, you may want to switch to a proper RFC address instead of using an IP address that is actually assigned to Orange in the France 😉

Re: Shutdown/Disable MGMT interface due to DNS issues

TheRealDiz — Tue, 10 Apr 2018 18:52:09 GMT

Hi @BPry,
That’s right haha!
It doesn’t matter actually it was only for test purposes 🙂

(I’ll keep that in mind)