02-12-2011 11:19 PM
I have the following configurtion
Two PA 4020 in HA
I can connect to Primary Box over web/ssh/ping but not able to do the same.
Here is my configuration on secondary box.
jksyed@SV-PA-Zulu(passive)# show deviceconfig system service
service {
disable-http no;
disable-https no;
disable-telnet yes;
disable-ssh no;
disable-icmp no;
disable-snmp yes;
hostname: SC-PA-Zulu
ip-address: 192.168.100.11
netmask: 255.255.255.0
default-gateway: 192.168.100.1
ipv6-address:
ipv6-default-gateway:
mac-address: 00:25:90:11:27:6a
time: Sat Feb 12 11:43:54 2011
uptime: 1 days, 23:58:23
family: 4000
model: PA-4020
serial: 0002C101234
sw-version: 3.1.7
vpnclient-package-version: 0.0.0
app-version: 231-877
av-version: 413-528
threat-version: 231-877
url-filtering-version: 3538
logdb-version: 3.0.0
Anyone have any idea, What might be blocking/preventing access to the box?
Any suggestions, would be highly appreciated.
Thanks
Junaid
02-17-2011 10:23 AM
UPDATE: There was a duplicate IP on my network in the form of a static NAT on a Cisco ASA. Please ignore this message 🙂
I was having a similar problem in my lab 4020. During the course of troubleshooting, I rebooted the box with my PC connected to the PAN via console. During the boot process, I noticed an error message in the output saying that my management IP was already in use somewhere on the network. I could not find any indication of a duplicate address on my network, but changing the IP address via the console allowed me to connect through the management port once again.
02-14-2011 04:06 PM
Hello,
Check to see if anything is blocking the management port such as a proxy.
Thanks,
Oliver
02-16-2011 09:39 AM
Have you tried directly connecting to the management interface from your laptop via a crossover cable? If the management interface comes up okay when directly connected, this would indicate if you have a networking issue rather than a management interface issue.
Also, be sure to check the basics... Is the management interface plugged in to the right network? Is the switch port enabled? Is the switch port configured for the proper vlan? Is the default gateway on the box set correctly? You also might try connecting to the console via serial cable and try pinging out from the management interface to verify he can get out.
02-17-2011 01:07 AM
Hello
I'mt not new to PAN, but I'm new to HA
I'm experiencing the same issue.
I have worked with netscreen & HA in the past, and I had the same issue (I think PAN designer came from NS...)
Try to connect on the same lan, not through routing. You'll get access to the passive node.
I don't know why, but the passive node (like in NS) does not respond to requests coming beyond the default gw.
And also the passive node is not able to download updates, for the same reason.
Regards
02-17-2011 09:58 AM
This is not the expected behavior when connecting to the management interface with HA enabled. Please open a ticket to track this issue.
Cheers,
Kelly
02-17-2011 10:23 AM
UPDATE: There was a duplicate IP on my network in the form of a static NAT on a Cisco ASA. Please ignore this message 🙂
I was having a similar problem in my lab 4020. During the course of troubleshooting, I rebooted the box with my PC connected to the PAN via console. During the boot process, I noticed an error message in the output saying that my management IP was already in use somewhere on the network. I could not find any indication of a duplicate address on my network, but changing the IP address via the console allowed me to connect through the management port once again.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
