Unable to Ping to Layer 3 interface

Not applicable

Unable to Ping to Layer 3 interface

Hi, I have a Palo Alto 4020. I have configured one of the interfaces as Layer 3 and also allowed ping and telnet on this interface. The IP given to this Layer 3 interface is 192.168.90.17 and its default gateway is the VLAN interface 192.168.90.1. Even when I connect a laptop directly to the interface by giving the laptop an IP of 192.168.90.18, I am unable to ping the Layer interface. I also don't see any traffic hitting the firewall when viewing the Monitor tab.

Cheers

Security Admin

L4 Transporter

Re: Unable to Ping to Layer 3 interface

Do you have a deny all rule towards the bottom of your rule set?

Basically this would be a rule that denies all traffic to any zones. The primary purpose of this rule is typically to log even the traffic that is being denied. Having this "deny all" rule also blocks intra zone traffic that is normally allowed by default.

By "intra zone" traffic, I mean traffic from zone A to zone A, traffic from zone B to zone B, etc.

The traffic that you are describing from the PC to the interface would be "intra zone traffic".

Also verify that your interface management profile includes the IP of the PC in the "permitted ip addresses", if you have "permitted ip addresses".

thank you,

Stephen

Not applicable

Re: Unable to Ping to Layer 3 interface

Stephen,

I have done all the things you have asked for and the problem remains unresolved. Can you please help think of other alternatives / solutions?

Cheers

L4 Transporter

Re: Unable to Ping to Layer 3 interface

Hello,

Can you call into support when you have remote access? We will be able to isolate this issue rather quickly if we are able to troubleshoot live.

Thanks,

Stephen

Not applicable

Re: Unable to Ping to Layer 3 interface

Hello,

I also encountered exactly the same problem and I am using Palo Alto 500, OS version 3.1.6.

Policy already allows both directions on the same zone. Ping to the L3 interface on the Palo Alto gets request timed out.

Any way out?

Thanks.

L4 Transporter

Re: Unable to Ping to Layer 3 interface

Hi Edy,

Have you created an Interface Management Profile that allows Ping and configured it on the L3 interface?

Cheers,

Kelly

Not applicable

Re: Unable to Ping to Layer 3 interface

Hi Kelly,

Thank you very much for the advice and it solved my problem.

I was not aware that a management interface needs to be created in order to be used.

regards,

Edy

L1 Bithead

Re: Unable to Ping to Layer 3 interface

I actually have the exact same problem (using 3.1.6); however, what I found is that ping does work to a regular Layer 3 interface, but it does not work on any of my logical interfaces (sub-interfaces). I do have an interface management profile for 'ping only' applied to all regular and logical Layer 3 interfaces.

L3 Networker

Re: Unable to Ping to Layer 3 interface

If you are still having an issue with pinging the logical interfaces, please create a support case and we'll set up a remote session to further debug.
