05-02-2025 12:35 AM - edited 05-08-2025 09:41 PM
Hi everyone,
Thanks.
05-02-2025 05:55 PM
Hi @quocthinh.9666 ,
Please verify if the source IP is added into allowed IP list. Please refer the below KB to check the permitted IP list.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClovCAC
05-04-2025 07:20 PM
Hi Mshekh,
Now i am not config any permitted IP. But VMs on network-B can ping to Palo-A and opposite.
For e.x: VM on [network-B ip 10.10.2.10] can ping [Palo-A IP 10.10.1.1] but can not ping [Palo-B IP 10.10.2.1]
05-04-2025 11:13 PM
Hi @quocthinh.9666 ,
May I suggest to check if there is any intermediate devices, May be some connectivity issue or intermediate device blocking the connection as no special configuration required to enable the communication execpt the screenshot which you shared. If traffic is directly flowing between two different networks.
05-05-2025 05:57 AM
@quocthinh.9666 -- Since the management interface can be pinged from outside of the subnet I'm going to assume everything is good from the management profile perspective, but check that. Are there other hosts in the same management network on the same nodes (A or B?) Can VM from node A ping something in node A? Does the node A switch see the MAC of both the VM and the firewall? The management interface isn't using a unique service route? I would also confirm the subnet mask and default gateway value are correct.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
