03-11-2020 07:13 PM
I have a new PA-220 for a test lab, and this is my first time configuring any PA device from scratch, so I apologize in advance if I've missed something basic. I have set up the interfaces and I can ping out using the troubleshooting -> ping utility in the web UI, but ONLY if I specify the outside interface IP as the source during the test. It is an optional field and if I leave it blank, I get an error that says Failed to get result. In the CLI, I cannot ping out to anywhere, even the next hop gateway upstream with the just the simple ping host x.x.x.x command. Anything related to DNS fails as well, such as updates, but I believe that is because the routing is hosed and it can't hit the public DNS servers. I have double and triple checked my IPs and masks, I believe. What could I be missing?
03-11-2020 10:40 PM
Login in through cli run following commands
show interface all
show routing route
Any NAT policy ?
ping source eth1/1 host g.w ip
03-11-2020 10:40 PM
Hi @BrandonTice
When you ping via the CLI, you need to specify the where the ping will source/come from.
PA-220#ping source x.x.x.x host y.y.y.y
If the source is unspecified, the firewall will use its default "management inteface ip"
See article below for more details
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk7CAC
03-11-2020 11:05 PM
See article below for more details
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clk7CAC
In case unspecified of source IP, then the management interface IP will act as a default IP
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
