This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Tips & Tricks: How to Ping from the CLI

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Tips & Tricks: How to Ping from the CLI

jdelio
L7 Applicator
‎03-01-2022 09:16 AM

ping-cli_LIVEcommunity-palo-alto-networks.jpg

 

Hello everyone,

This weeks Tips & Tricks is going to be talking about pinging in the firewall CLI, as there can sometimes be confusion and/or issues that arise when trying to ping from the CLI on the Palo Alto Networks firewall. 

 

Let's start off with the basics. 

Due to the nature of the Palo Alto Networks firewalls, you have two "planes" of existence: the Management Plane (MP) and the Data Plane (DP). You have the ability to use the Ping command from both depending on how you use the Ping command.

 

From the MP, you can use the following command to ping a single IP address using the Management Interface IP:

 

>ping host x.x.x.x

Ping command using the Management interfacePing command using the Management interface

 

From the DP, you can use the following command to use an interface that owns ip y.y.y.y on the firewall to source the Ping command from:

>ping source y.y.y.y host x.x.x.x

T&T-How to Ping1b_LIVEcommunity.png

 

Why is this helpful?

 

You can use this command to help troubleshoot latency and connectivity issues from the management interface to hosts internal or external to your firewall. This is especially nice, as you have the ability to change what your source IP address is.

 

Common issue 1:

 

In the event that you receive an error "bind: Cannot assign requested address" on firewall when sourcing ping from any interface other than the management interface, then the cause may be as simple as a checkbox.

 

Please check the physical interface configuration to ensure that the "untagged subinterface" checkbox is NOT checked.

 

Common issue 2: Panorama

 

The ping command only works from the local firewall device, as panorama does not have dataplane interfaces, so you can't add the source from panorama either.

 

To be able to run the ping from a firewall, you need to connect to the firewalls' CLI.

 

I want to give a shout out to @reaper for help with this weeks blog, as I used information he has posted to help create this blog.

 

I hope this helps everyone out with the use of Ping with the Palo Alto Networks Firewall.

 

Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumb up) button, don't forget to subscribe to the LIVEcommunity Blog area.

 

As always, we welcome all comments and feedback in the comments section below.

 

Stay Secure,
Joe Delio
End of line

 

3 Comments
  • 54883 Views
  • 3 comments
  • 8 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks