Can the Interface MAC Address be Modified?

Created On 09/27/18 06:34 AM - Last Modified 05/13/20 20:56 PM


Symptom


The MAC address is not configurable on Palo Alto Networks firewalls.

Environment


  • PAN-OS 8.1 and above.
  • Palo Alto Firewall.


Resolution


The MAC address assigned to the interface cannot be changed with any CLI command.  

The MAC address does change when High Availability (HA) is enabled; the new address is based on the configured group ID.
A pair of firewalls in an HA configuration has a group ID of 1-62. Both devices must use the same group ID so that their MAC addresses are identical, which is necessary for Active/Passive HA. When the passive firewall becomes active, it sends a gratuitous ARP out of all interfaces so that the connected switches update their bridge tables.
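Because both HA peers present identical MAC addresses, the gratuitous ARP sent at failover should not change the IP-to-MAC binding that neighbors already hold. The following check is an added example, not Palo Alto Networks code: it parses a captured ARP frame and compares a gratuitous ARP against a baseline. The baseline table, the IP address, and the MAC addresses are constructed sample values.

```python
import socket
import struct

ETH_P_ARP = 0x0806

def build_arp(mac, ip, target=None):
    """Build a constructed Ethernet/ARP request frame for the samples below."""
    m = bytes.fromhex(mac.replace(":", ""))
    spa = socket.inet_aton(ip)
    tpa = socket.inet_aton(target or ip)   # gratuitous ARP: target IP == sender IP
    eth = b"\xff" * 6 + m + struct.pack("!H", ETH_P_ARP)
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + m + spa + b"\x00" * 6 + tpa

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return (frame[6:12].hex(":"), frame[22:28].hex(":"),
            socket.inet_ntoa(frame[28:32]), socket.inet_ntoa(frame[38:42]))

def classify(frame, baseline):
    """Compare a gratuitous ARP against a baseline of {ip: expected_mac}."""
    arp = parse_arp(frame)
    if arp is None:
        return "not_arp"
    eth_src, sha, spa, tpa = arp
    if spa != tpa:
        return "not_gratuitous"
    if eth_src != sha:
        return "src_mismatch"          # Ethernet source differs from ARP sender MAC
    expected = baseline.get(spa)
    if expected is None:
        return "unknown_ip"
    return "same_mac" if sha == expected.lower() else "mac_changed"

# Constructed sample data: documentation IP and locally administered MACs.
BASELINE = {"192.0.2.1": "02:00:00:00:01:10"}

if __name__ == "__main__":
    for mac in ("02:00:00:00:01:10", "02:00:00:00:99:99"):
        print(mac, classify(build_arp(mac, "192.0.2.1"), BASELINE))
```

A `same_mac` result is what an Active/Passive failover should produce; `mac_changed` or `src_mismatch` for a firewall interface address is worth investigating.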

 



Additional Information


Configuration Guidelines for Active/Passive HA
Floating Address and Virtual MAC Address

