06-20-2020 06:05 AM
Hi All,
I have a customer that looses it's access to the Web GUI of the PAN Firewall except console connection. Aggregate Interface is configured. Can I assign an interface management profile via CLI on the aggregate interfaces? E.g. ae1.100? When i type set network interface aggregate-ethernet and hit the "?" I can't see tha aggregate interfaces configured except ae1. I want to configured an interface management profile and assigned it to ae1.100 but on the cli it does not show except the ae1.
06-20-2020 09:16 AM
Hi,
You are half-way to reach your sub-interface to configure in your syntax.
network interface aggregate-ethernet ae1 layer3 unit 100 ?
After this you can configure required settings on the sub-interface.
06-20-2020 09:28 AM - edited 06-20-2020 09:30 AM
Hi,
So you do not have dedicated management interface of the firewall?
Normally we access firewall via Management interface ip address.
If you want to use Agg Interface and apply Management profile you can do this via GUI also.
In our setup we have say aggregate interface ae1 and we have applied management profile to ae1.100
From CLI you can do this way
set network interface aggregate-ethernet ae3 layer3 units
ae3. ae3.
ae3.3849 ae3.3849
<value> name value
06-20-2020 09:16 AM
Hi,
You are half-way to reach your sub-interface to configure in your syntax.
network interface aggregate-ethernet ae1 layer3 unit 100 ?
After this you can configure required settings on the sub-interface.
06-20-2020 09:28 AM - edited 06-20-2020 09:30 AM
Hi,
So you do not have dedicated management interface of the firewall?
Normally we access firewall via Management interface ip address.
If you want to use Agg Interface and apply Management profile you can do this via GUI also.
In our setup we have say aggregate interface ae1 and we have applied management profile to ae1.100
From CLI you can do this way
set network interface aggregate-ethernet ae3 layer3 units
ae3. ae3.
ae3.3849 ae3.3849
<value> name value
06-20-2020 07:52 PM
Will try your suggestion once we resume the support tomorrow. How about sub-interfaces? I also try on my virtual labs, I can't see on the CLI the sub-interfaces that I created.
06-20-2020 07:56 PM
They access the firewall via management interface but they only restrict it to one pc, unfortunately they forgot the password to that machine and can't login that's the only pc they use to access the firewall management interface.
I will try this tomorrow. I try to do a sub-interface on my virtual lab and it seems that I can't also see the sub-interfaces on the CLI when I try to apply an interface management profile
06-20-2020 08:06 PM
We have below sub interfaces on the PA 5220
a3.3749
a3.3756
Where A3 is Aggregate Interface
IF you use the command which I mention earlier you should see sub interfaces as I see on my PA.
IF you have Virtual PA in lab then as per my knowledge the VM does not support sub interfaces
06-20-2020 09:01 PM
I try the units on my sub-interfaces instead of aggregate interface and it works. I change the sub-interface interface management profile. I hope this will work tomorrow on our clients production networks. Will update once it works
06-21-2020 09:07 PM
Hi,
This resolves the issue. thanks a lot.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
