My client's PA 220 cannot reach his gateway. However, after he rebooted his PA, the connection came back, but only for a few hours! No matter how I have added the MAC address and troubleshot the problem of the system. I have checked both the port on the router and the port on the PA. I have added the MAC address on the ethernet port. I have even changed the port. It doesn't continue its connection. I have opened a case with the Palo Alto support team, but the support, in his first time support, also thought it's the client's router's problem, but it seems that it might not be the issue there.
Does the firewall actually see the port drop, or do you simply lose internet traffic? Is the connection using a static IP or is it using DHCP or PPPoE?
1. I pinged the gateway but the gateway didn't respond, and the ethernet is up. In addition, I cannot even ping the same domain IP addresses. I have tried to change the port, but the same problem occurs.
2. The port is static IP.
Remove static arp entry.
> clear arp ethernet1/5
And use same command to ping.
> show arp ethernet1/5
Do you see arp entry for .89?
(incomplete) means that Palo can't resolve ip to mac address.
You claim that after reboot it does and then stops after a while?
What about just disconnecting ethernet1/5 and plugging it back?
Connect patch cable from ethernet1/5 to your laptop.
Start Wireshark on your laptop.
Run ping command.
If packets go out from Palo ethernet1/5 then Wireshark should show arp requests where Palo is trying to resolve 184.108.40.206 to mac address.
If you see those arp requests then the issue is most likely on the ISP side.
Yes, after the last reboot, the ethernet 1/5 was able to reach the 70.89 port again, but only for a few hours.
The client said they have tried to ping the 70.90 port on PA with the laptop, but the PA port didn't reply to the ping request.
The 70.89 port on the router responded to the ping request.
The PA by default wouldn't respond to a ping request; you would have needed to enable this on the interface management profile. The Wireshark capture as mentioned by @Raido will tell you if the PA is attempting to send the ARP request or not, or if the router isn't responding to an ARP request.
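Added example, not part of the original thread: a sketch of the ARP check described in the replies above, applied to raw Ethernet frames taken from a capture. It goes slightly beyond the direct laptop test by also recognising a gateway reply, as you would see when capturing on the live segment. The function names, the 192.0.2.x addresses and the MAC addresses are constructed for illustration.

```python
import socket
import struct

ETH_ARP = 0x0806
# Constructed sample addresses (documentation range), not values from the thread.
FW_IP, GW_IP = "192.0.2.90", "192.0.2.89"
FW_MAC, GW_MAC = bytes.fromhex("020000000090"), bytes.fromhex("020000000089")

def parse_arp(frame: bytes):
    """Return (oper, sender_mac, sender_ip, target_ip) for an IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return oper, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def diagnose(frames, firewall_ip, gateway_ip):
    """Classify a capture: is the firewall asking, and is the gateway answering?"""
    requests = replies = 0
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        oper, _mac, sender_ip, target_ip = arp
        if oper == 1 and sender_ip == firewall_ip and target_ip == gateway_ip:
            requests += 1   # firewall: "who has <gateway>?"
        elif oper == 2 and sender_ip == gateway_ip and target_ip == firewall_ip:
            replies += 1    # gateway: "<gateway> is at <mac>"
    if requests == 0:
        return "no-requests"   # nothing leaves the firewall port
    if replies == 0:
        return "unanswered"    # firewall asks, nobody answers: look upstream
    return "resolved"          # layer 2 resolution works

def build_arp(oper, sha, spa, tha, tpa):
    """Construct a sample ARP frame (test data only)."""
    dst = b"\xff" * 6 if oper == 1 else tha
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return dst + sha + struct.pack("!H", ETH_ARP) + body

if __name__ == "__main__":
    req = build_arp(1, FW_MAC, FW_IP, b"\x00" * 6, GW_IP)
    print(diagnose([req, req, req], FW_IP, GW_IP))
```

With the laptop plugged directly into ethernet1/5 no gateway reply can appear, so "unanswered" there only confirms that the firewall is sending its requests.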