Troubleshoot VM Panorama with multiple interfaces

Reply
Highlighted
L4 Transporter

Troubleshoot VM Panorama with multiple interfaces

Hi All,

 

We have few virtual Panoramas running 8.1 that are needs to managed firewalls into two different zones with no connection between them. For that reason we have configured the Panorama with multiple interface.

- The mgmt interface in used for access to the Panorama as well as managing some if the firewalls

- Eth1/1 interface is used for managing the rest of the firewalls in the second zone

 

We already have few similar setups and everything is working fine. During the last setup we had few typos in the panorama config (the default gw for the eth1/1 was wrong and the fw ip was not in the permitted IPs)

 

My real problem is that there is no way you can troubleshoot the connectivity between the firewall and the panorama on the second interface.

- The tcpdump command on the panorama is listening only on the mgmt interface and it seems there is no way you can see what is hitting the second interface.

- It seems panorama doesn't support the "packet capture" similar to the firewalls.

- It seems you cannot "show interface" for status and statistics any non-management interface on the panorama

 

From my point of view there is no way you can confirm if traffic from the firewall is reaching the panorama and if yes, does it reply - if the firewall is connecting to non-management interface on the panorama.

 

I was hoping if any of you have find some any commands that can help troubleshoot connectivity over non-management interface.

 

Highlighted
L2 Linker

Re: Troubleshoot VM Panorama with multiple interfaces

@AlexanderAstardzhiev I am not sure what Panorama model and PanOS version you have, but we have physical M applience on 8.1 and the interface troubleshooting commands are there, e.g."> show interface ethernet1/2",  "> tcpdump interface ethernet1/2" . 

 

Highlighted
L4 Transporter

Re: Troubleshoot VM Panorama with multiple interfaces

Hi @batd2,

 

All of our Panoramas are virtual. All of them are running on 8.1 and none of them support the command you have:

user@panorama> show interface 
  management   Show management interface information

user@panorama> show interface ethernet1/1
ethernet1/1 is not one of <management>

Invalid syntax.

 

It seems that the physical devices are supporting these commands, but the virtual don't. Which is weird...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!