06-27-2011 07:07 AM
hello
just setting up a PA 2020 which has a management IP configured - should this be enough to perform license key registrations/downloads?
eth1/1 vwire untrust
eth1/2 vwire trust
when i telnet to device i cannot ping a public IP address
i have 1 policy from trust/any/any/any to untrust/any/any/any allow
thanks for any help
S
06-27-2011 07:53 AM
Since you are using a v-wire installation I would check if you upstream device allowing the management ip of the PAN access to the internet.
Marc
06-27-2011 07:58 AM
thanks
well should be ok since just connected to a switch.....which then connects to current firewalls in use which allow the PA 2020 access out....
any other ideas please anyone?
06-27-2011 08:44 AM
Sue,
If the mgmt IP traffic is a private IP address, then can you please check to see if NAT is working for the traffic going out on the current firewall.
From the device command line, please try the command "ping host updates.paloaltonetworks.com" if this does not works then please try "traceroute host updates.paloaltonetworks.com". Please check if the DNS name gets resolved to a IP address. This will check that the device is able to go out and connect to the server and the device should be able to get the license info.
Hope this helps.
Thanks
06-27-2011 08:59 AM
hello thanks for your reply
i telnet to firewall and
ping host updates.paloaltonetworks.com
ping unknown host
traceroute host updates.paloaltonetworks.com
updates.paloaltonetworks.com name or service not known
cannot handle host cmdline arg updates.paloaltonetworks.com on position 1 (argc 2)
i was trying to do the quick start set up and add DNS server and register device and download license keys but this fails
sorry about this...appreciate your help
S
06-27-2011 09:33 AM
Looks like a name resolution issue. Make sure you have the correct DNS info under Device->Settings.
You could also try pinging a public host by IP address instead to see if the network layer is working:
ping host 4.2.2.2
Cheers,
Kelly
06-27-2011 11:55 AM
As mentioned in earlier posts the issue is most likely either your management port configuration or some upstream device.
When you do your initial configuration DNS is an absolute need, you should be able to ping updates.paloaltonetworks.com. If you’re unable to reach this site you will not be able to retrieve updates or license the device. Check to ensure that http and SSL are allowed access to the updates server, verify DNS and routing. If you are passing all traffic originating from the management port through the PA-2020 look through the logs to validate that the associated IP is ingressing and egressing the expected Ethernet ports. If you can’t see any traffic from the assigned IP address then you will need to troubleshoot your internal network.
~Phil
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
