Shutdown/Disable MGMT interface due to DNS issues

L4 Transporter

Hi Guys,

 

I got a simple question for you:

 

Is it possible to literally disable/shut down the mgmt interface, via CLI or web UI, in a VM environment when it is not needed?

 

I noticed a DNS issue after we deleted the IP address assigned to the MGMT interface via the CLI with the command:

"delete deviceconfig system ip-address"

 

Obviously we made the PA reachable from another interface, ethernet1/1, configuring every "service route configuration" on this specific ethernet1/1.

Unfortunately DNS queries were not working properly even though the service route configuration was set on ethernet1/1.

 

I configured a fake IP address on the MGMT interface... and guess what happened? DNS queries started working properly.

From my point of view this kind of command, "delete deviceconfig system ip-address", should be banned haha :)

 

In order to avoid future issues, is there a way to clean the entire mgmt configuration or literally shut it down?

 

Bye

Luca

L7 Applicator

Re: Shutdown/Disable MGMT interface due to DNS issues

@TheRealDiz,

I don't believe that you can actually disable the port completely. You can disable it to the point where it's essentially a nothing port, but I think it'll always be 'enabled'. Which is kind of odd, because it makes it seem like you can disable it completely in the GUI? 

L7 Applicator

Re: Shutdown/Disable MGMT interface due to DNS issues

In a VM environment, uncheck "Connected" and "Connect at power on" in the VM settings on Network adapter 1.

Network adapter 1 - Palo mgmt

Network adapter 2 - ethernet1/1

etc...

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE (3.0, 5.0, 6.0, 7.0), PCNSE (6, 7), PCNSI
L4 Transporter

Re: Shutdown/Disable MGMT interface due to DNS issues

Hi @BPry,

 

Thank you for your reply! Sorry for the wait, I was very busy during these weeks.

Via the GUI there was no way to disable the mgmt interface, but via the CLI it was possible to issue the command mentioned in my post.

It caused some strange issues with DNS: the PA-VM was sometimes able to resolve domains and sometimes not.

 

That's why I'm asking if there is a way to disable the mgmt interface or leave it without an IP when it is not needed.

 

BR

Luca

L4 Transporter

Re: Shutdown/Disable MGMT interface due to DNS issues

Hi @Raido,

 

I know, I've seen what you described. In fact, starting from this mechanism (NIC0 = mgmt, NIC1 = eth1, etc.), my question is whether it's possible to disable the mgmt interface when it is not needed.

 

But no problem guys, in the end I basically assigned an unused IP, 2.2.2.2, to mgmt and finalized my configuration on eth1 :)

 

Thanks for your reply!

Luca

L7 Applicator

Re: Shutdown/Disable MGMT interface due to DNS issues

@TheRealDiz,

Just FYI, you may want to switch to a proper RFC address instead of using an IP address that is actually assigned to Orange in France ;)

L4 Transporter

Re: Shutdown/Disable MGMT interface due to DNS issues

Hi @BPry,
That’s right haha!
It doesn’t matter actually, it was only for test purposes :)

(I’ll keep that in mind)