- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-01-2015 05:29 PM
Hi guys,
I just got my hands on a new PAN. I have setup an srx100 behind the PA-500. The interface Ethernet 2/8 is in the trust zone, is setup as a L3 interface and has an IP of 10.1.1.1. The SRX's IP is 10.1.1.2. The SRX's next-hop address is the PAN's gateway IP (10.1.1.1). A show route on the SRX confirms the route has been setup properly. Now, when I try to ping the PAN's gateway from the srx cli I get a timeout error. The cabling looks fine, both interfaces are in the same subnet, both interfaces are up and the routing tables on the srx look fine. Does anyone have any hinters on what could be causing the problem ? Does the PAN drop icmp packets by default or something ?
08-01-2015 07:10 PM
Check the arp entry entry for the SRX IP should be complete
show arp all
> Create a management profile Network>Network Profiles> Add new one and turn on Ping.
> Apply the new management profile to interface Network>Interface> Open the desired Interface > Advance >Other Info> Select Management profile.
Rate the Helpful Answer.
08-01-2015 05:33 PM
You have to apply a management profile under advanced tab of interface to allow ping. Just check box for ping.
08-01-2015 07:10 PM
Check the arp entry entry for the SRX IP should be complete
show arp all
> Create a management profile Network>Network Profiles> Add new one and turn on Ping.
> Apply the new management profile to interface Network>Interface> Open the desired Interface > Advance >Other Info> Select Management profile.
Rate the Helpful Answer.
08-02-2015 03:50 AM
Welcome to PanOS.
The zone protection profile on PanOS combines the same features as the SRX functions
host-inbound-traffic
screen
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!