https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/310768#M80473 <P>Hi All,</P><P>&nbsp;</P><P>We have few virtual Panoramas running 8.1 that are needs to managed firewalls into two different zones with no connection between them. For that reason we have configured the <A href="https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/set-up-the-m-series-appliance/configure-panorama-to-use-multiple-interfaces.html" target="_self">Panorama with multiple interface.</A></P><P>- The mgmt interface in used for access to the Panorama as well as managing some if the firewalls</P><P>- Eth1/1 interface is used for managing the rest of the firewalls in the second zone</P><P>&nbsp;</P><P>We already have few similar setups and everything is working fine. During the last setup we had few typos in the panorama config (the default gw for the eth1/1 was wrong and the fw ip was not in the permitted IPs)</P><P>&nbsp;</P><P>My real problem is that there is no way you can troubleshoot the connectivity between the firewall and the panorama <STRONG>on the second interface.</STRONG></P><P>- The tcpdump command on the panorama is listening only on the mgmt interface and it seems there is no way you can see what is hitting the second interface.</P><P>- It seems panorama doesn't support the "packet capture" similar to the firewalls.</P><P>- It seems you cannot "show interface" for status and statistics any non-management interface on the panorama</P><P>&nbsp;</P><P>From my point of view there is no way you can confirm if traffic from the firewall is reaching the panorama and if yes, does it reply - <STRONG>if</STRONG> the firewall is connecting to non-management interface on the panorama.</P><P>&nbsp;</P><P>I was hoping if any of you have find some any commands that can help troubleshoot connectivity over non-management interface.</P><P>&nbsp;</P> Wed, 12 Feb 2020 11:55:52 GMT aleksandar.astardzhiev 2020-02-12T11:55:52Z https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/310768#M80473 <P>Hi All,</P><P>&nbsp;</P><P>We have few virtual Panoramas running 8.1 that are needs to managed firewalls into two different zones with no connection between them. For that reason we have configured the <A href="https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/set-up-panorama/set-up-the-m-series-appliance/configure-panorama-to-use-multiple-interfaces.html" target="_self">Panorama with multiple interface.</A></P><P>- The mgmt interface in used for access to the Panorama as well as managing some if the firewalls</P><P>- Eth1/1 interface is used for managing the rest of the firewalls in the second zone</P><P>&nbsp;</P><P>We already have few similar setups and everything is working fine. During the last setup we had few typos in the panorama config (the default gw for the eth1/1 was wrong and the fw ip was not in the permitted IPs)</P><P>&nbsp;</P><P>My real problem is that there is no way you can troubleshoot the connectivity between the firewall and the panorama <STRONG>on the second interface.</STRONG></P><P>- The tcpdump command on the panorama is listening only on the mgmt interface and it seems there is no way you can see what is hitting the second interface.</P><P>- It seems panorama doesn't support the "packet capture" similar to the firewalls.</P><P>- It seems you cannot "show interface" for status and statistics any non-management interface on the panorama</P><P>&nbsp;</P><P>From my point of view there is no way you can confirm if traffic from the firewall is reaching the panorama and if yes, does it reply - <STRONG>if</STRONG> the firewall is connecting to non-management interface on the panorama.</P><P>&nbsp;</P><P>I was hoping if any of you have find some any commands that can help troubleshoot connectivity over non-management interface.</P><P>&nbsp;</P> Wed, 12 Feb 2020 11:55:52 GMT https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/310768#M80473 aleksandar.astardzhiev 2020-02-12T11:55:52Z https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/312234#M80760 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/70130">@aleksandar.astardzhiev</a>&nbsp;I am not sure what Panorama model and PanOS version you have, but we have physical M applience on 8.1 and the interface troubleshooting commands are there, e.g."&gt; show interface ethernet1/2",&nbsp; "&gt; tcpdump interface ethernet1/2" .&nbsp;</P><P>&nbsp;</P> Thu, 20 Feb 2020 15:21:46 GMT https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/312234#M80760 batd2 2020-02-20T15:21:46Z https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/312989#M80860 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/130874">@batd2</a>,</P><P>&nbsp;</P><P>All of our Panoramas are <STRONG>virtual. </STRONG>All of them are running on 8.1 and none of them support the command you have:</P><LI-CODE lang="markup">user@panorama&gt; show interface management Show management interface information user@panorama&gt; show interface ethernet1/1 ethernet1/1 is not one of &lt;management&gt; Invalid syntax.</LI-CODE><P>&nbsp;</P><P>It seems that the physical devices are supporting these commands, but the virtual don't. Which is weird...</P> Wed, 26 Feb 2020 07:23:19 GMT https://live.paloaltonetworks.com/t5/general-topics/troubleshoot-vm-panorama-with-multiple-interfaces/m-p/312989#M80860 aleksandar.astardzhiev 2020-02-26T07:23:19Z