I want to setup a simple two PCs connected to PA200 so that I may practice a ping test and packet capture.
PC#1 - IP address 192.168.1.2 - connected to interface 1/1
PC#2 - IP address 192.168.2.2 - connected to interface 1/3.
I can not get my interfaces to come alive after committing changes! Anyone know what I could be doing wrong?
Solved! Go to Solution.
let's start with layer 1. are they connected to something? your interfaces are shown as down in that screenshot. status should be green, not red.
ETA: if they are connected and the other end thinks they're connected, you can force them to up by editing them and forcing the link state to up. but that shouldn't normally be necessary. regardless, if the PA thinks the interfaces are down, the pings won't work for sure.
Also make sure you have a policy in place to allow the pings to go between the two zones. Also routes in the default router so they know how to get to each other.
Yes the PCs are connected and I know they should show up green on the interfaces (after configuring and commit). But they are not green. They are showing up as Red and no lights on the PA200 ports.
I do have a Ping management profile assigned to both interfaces.
I don't know, I must be doing something wrong. Will keep working on it and close this thread this week.
I quess you refreshed this interfaces tab in browser and they were still red right?
If so then you can check if network adapter shows up or down in pc but most likely it is down.
No reason to dig into ping profiles before layer 1 (physical connectivity) is up and green.
yes, forget the layer 3 issues until you can resolve the layer 1 issues. what are they connected to on the other ends?
I don't think I've had to do this on the PA, but I recall Cisco devices, for example, sometimes acting finicky if settings are left as auto on both sides. so you may want to force the speed/duplex on one side if you can.
the only time I've personally encountered red interfaces when everything is fully connected is in an HA pair when the standby device is configured to keep ports off until the active fails.
Never, I mean ever force speed/duples setting only on one side.
If one side is manual then both sides have to be manual.
Not as bad any more with 1Gbit interfaces but with 100Mbit interfaces setting one side manual and leaving other auto will drop auto side to 10Mbit half duplex.
Thanks folks for the feedback. I need to revisit this when I have time. Perhaps as I get more educated I can resolve what I am doing wrong here. I will close this thread.
Ok, I had some time.
Thanks again for responding and putting up with my beginner questions, but I think I am making progress.
Previously I was converting an existing config, maybe I was messing up somewhere.
I started over from factory default and working great.
My goal was to configure a simple ping test and demonstrate a Source NAT IP change between two Layer 3 interface.
You can see in my results that the first ping is really just communicating as internal Layer 3 routing (which would not route if was a real internet connection of course).
The second ping is using a NAT DIPP policy to change the source IP to match the 1/1 interface IP. (Different IP scheme than previous test, but same concepts)
Happy I got this working since these kinds of simple tests help me understand. Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!