cant ping out from PA 2020

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

cant ping out from PA 2020

Not applicable

hello

just setting up a PA 2020 which has a management IP configured - should this be enough to perform license key registrations/downloads?

eth1/1 vwire untrust

eth1/2 vwire trust

when i telnet to device i cannot ping a public IP address

i have 1 policy from trust/any/any/any to untrust/any/any/any allow

thanks for any help

S

6 REPLIES 6

L0 Member

Since you are using a v-wire installation I would check if you upstream device allowing the management ip of the PAN access to the internet.

Marc

thanks

well should be ok since just connected to a switch.....which then connects to current firewalls in use which allow the PA 2020 access out....

any other ideas please anyone?

Sue,

If the mgmt IP traffic is a private IP address, then can you please check to see if NAT is working for the traffic going out on the current firewall.

From the device command line, please try the command "ping host updates.paloaltonetworks.com" if this does not works then please try "traceroute host updates.paloaltonetworks.com". Please check if the DNS name gets resolved to a IP address. This will check that the device is able to go out and connect to the server and the device should be able to get the license info.

Hope this helps.

Thanks

hello thanks for your reply

i telnet to firewall and

ping host updates.paloaltonetworks.com

ping unknown host

traceroute host updates.paloaltonetworks.com

updates.paloaltonetworks.com name or service not known

cannot handle host cmdline arg updates.paloaltonetworks.com on position 1 (argc 2)

i was trying to do the quick start set up and add DNS server and register device and download license keys but this fails

sorry about this...appreciate your help

S

Looks like a name resolution issue.  Make sure you have the correct DNS info under Device->Settings.

You could also try pinging a public host by IP address instead to see if the network layer is working:

ping host 4.2.2.2

Cheers,

Kelly

L4 Transporter

As mentioned in earlier posts the issue is most likely either your management port configuration or some upstream device.

When you do your initial configuration DNS is an absolute need, you should be able to ping updates.paloaltonetworks.com. If you’re unable to reach this site you will not be able to retrieve updates or license the device. Check to ensure that http and SSL are allowed access to the updates server, verify DNS and routing. If you are passing all traffic originating from the management port through the PA-2020 look through the logs to validate that the associated IP is ingressing and egressing the expected Ethernet ports. If you can’t see any traffic from the assigned IP address then you will need to troubleshoot your internal network.

~Phil

  • 7912 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!