Cannot ping PAN from srx

Reply
Highlighted
L2 Linker

Cannot ping PAN from srx

Hi guys,

I just got my hands on a new PAN. I have setup an srx100 behind the PA-500. The interface Ethernet 2/8 is in the trust zone, is setup as a L3 interface and has an IP of 10.1.1.1. The SRX's IP is 10.1.1.2. The SRX's next-hop address is the PAN's gateway IP (10.1.1.1). A show route on the SRX confirms the route has been setup properly. Now, when I try to ping the PAN's gateway from the srx cli I get a timeout error. The cabling looks fine, both interfaces are in the same subnet, both interfaces are up and the routing tables on the srx look fine. Does anyone have any hinters on what could be causing the problem ? Does the PAN drop icmp packets by default or something ?


Accepted Solutions
Highlighted
L5 Sessionator

Re: Cannot ping PAN from srx

Check the arp entry entry for the SRX IP should be complete

show arp all

> Create a management profile Network>Network Profiles> Add new one and turn on Ping.

> Apply the new management profile to interface Network>Interface> Open the desired Interface > Advance >Other Info> Select Management profile.

Rate the Helpful Answer.

View solution in original post


All Replies
Highlighted
L3 Networker

Re: Cannot ping PAN from srx

You have to apply a management profile under advanced tab of interface to allow ping.  Just check box for ping.

Highlighted
L5 Sessionator

Re: Cannot ping PAN from srx

Check the arp entry entry for the SRX IP should be complete

show arp all

> Create a management profile Network>Network Profiles> Add new one and turn on Ping.

> Apply the new management profile to interface Network>Interface> Open the desired Interface > Advance >Other Info> Select Management profile.

Rate the Helpful Answer.

View solution in original post

Highlighted
L7 Applicator

Re: Cannot ping PAN from srx

Welcome to PanOS.

The zone protection profile on PanOS combines the same features as the SRX functions

host-inbound-traffic

screen

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!