Firewall management IP.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Firewall management IP.

L2 Linker

Can the ip address for the firewall web interface be reached through a virtual wire, or is it required that a https management profile be assigned to a layer 2 or 3 interface?

1 accepted solution

Accepted Solutions

L7 Applicator

Hello Sir,

You can't point the service route through a V-wire interface. You need to connect the management interface to a gateway device or configure an L3 interface ( or subinterface) on the firewall with management profile.

Thanks

View solution in original post

6 REPLIES 6

L7 Applicator

Hello Sir,

You can't point the service route through a V-wire interface. You need to connect the management interface to a gateway device or configure an L3 interface ( or subinterface) on the firewall with management profile.

Thanks

L5 Sessionator

IP address of the firewalls management can be reached via virtual wire if the l3 device connected to one end of the virtual wire connects to the management interface through the vwire , else you can manage the device by configuring an interface management profile on a l3 interface.

sraghunandan - just an observation, that's an extremely weird use case in my opinion. If you were going to do such a thing wouldn't you just use a tap interface, and a separate management interface?

Plugging Vwire back around and into the firewall management port would be extremely weird, to me. Not a best practice.

Yes it is a weird use case and I have't seen anybody use it, I just provided a solution based on what he had requested.As you mentioned I would setup a separate management interface and instead of having it go through the vwire.

Right, no worries. I just wanted to emphasize how weird it looked in my head Smiley Happy

I agree with Eric here, bending over backwards to get a mgmt connection to run through a v-wire is just weird.

The correct answer is what Hulk notes above.  If you use v-wire you need to configure a mgmt port or L3 interface separate from the v-wire in order to connect to and manage the Palo Alto.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1 accepted solution
  • 3550 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!