Can't access management when PA200 is in line

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can't access management when PA200 is in line

L1 Bithead

I have a PA200 and when I only have the management port plugged in, I can access the management interface. When I put it inline and have production traffic running through it, I'm no longer able to access the management interface. I have two NAT rules: one for a Playstation and one for general outbound using DIPP. I need to do some troubleshooting, but would anyone know why this is happening? Here is my Playstation NAT rule (which I think is the culpret).

 

Source zone: home

Destination zone: internet

Source address: playstation4

Source translation: static-ip, Internet IP (address), and bi-directional enabled

3 REPLIES 3

L6 Presenter

Hi,

 

From where you are trying to access it: local net or Internet?

What is your default gateway on the mgmt interface? Does it have an Internet access?

L7 Applicator

Check the traceroute to your mgmt address and see where it goes.  I suspect your traffic may be going through the production flow and nat interfaces and not reaching your mgmt subnet.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Cyber Elite
Cyber Elite

If you are just trying to do this for testing purposes I would simply open up a new remote management profile and assign it to a port on your trust "home" zone, you should then be able to access the management interface and SSH into the device directly from the IP address assigned to that port. 

P.S this is written assuming that you have layer 3 ports instead of layer 2; if you are using layer 2 in a home enviroment I might suggust just reorganzing to Layer 3 anyways since you get access to a few more things on the PA interface. 

  • 2403 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!