PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Reply
L2 Linker

PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Hi there,

 

I can ping any other ip even though internet is working fine but when i tried to ping External public interface ip from internal  its not rechable.

there is a internal to internet policy allowing ping and any other application.

 

Thanks

L7 Applicator

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Did you add an interface management profile to the external interface?

 

--> https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/configure-interfaces/use-interf...

Highlighted
L2 Linker

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Yes, I added an interface management profile to the externral interface. if i removed the profile do you think it will reslove the issue?

 

L7 Applicator

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Hello,

No it would not. the profile needs to have the ping option checked:

 

image.png

L2 Linker

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

I've already ping checked in the profile without Permitted IP Address.

L7 Applicator

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Hello,

Are you trying to ping that interface from 'inside' the network or from a true external source such as a website that performs test pings?

 

Please advise,

L2 Linker

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

I am trying to ping it from inside interface private IP  to external public IP 

 

 

L7 Applicator

Re: PA3250 cant ping external interface public ip from internal ip but can ping any other ip

Hello,

I would then make sure you have a u-turn NAT configured.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEiCAK

 

Cisco calls it a hairpin. 

 

Regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!