12-26-2019 09:10 AM - edited 12-26-2019 09:13 AM
We have a setup with a network connection into a PA5020 firewall that has a single out interface configured to a Server. Due to configuration (No Switch) we need to be able to access the Management port via one of the unused Ethernet interfaces with a laptop. We can't set the IP of the laptop but can have it pull a DHCP address. The server does not have GUI support loaded. So what I'm trying to do is:
Set an interface (1/11) to be a DHCP server and allow connection only to 1/12. We want 1/12 to be a connection to the management port of the firewall. We want to connect a laptop and access the Management interface via the GUI/Browser.
Is this possible? I've seen how to set up DHCP and how to use a jumper cable from an interface to the mgt port. But setting the 1/11 and 1/12 to be local /28 IPs, I'm getting Virtual router errors when testing the commit. Overlapping IPs. "In virtual-router Management-Router: address 192.168.0.3/28 on interface 1/12 has overlapping subnet with address 192.168.0.3/28 on interface ethernet1/11. (Module: routed)."
I've done the following
Configure 1/11 with 192.168.0.2/28
Configure 1/12 with 192.168.0.3/28
Configure Mgmt-Zone as Layer 3 to include 1/11 and 1/12
Configure Management-Router to include 1/11 and 1/12
Configure DHCP server on interface 1/11 with pool 192.168.0.4-192.168.0.14
I haven't even tried to jumper to the mgt port.
12-26-2019 10:00 AM
Good Day
I am not sure if I would agree that you NEED to use the Mgt port at all.
If you configure your interface as it is...
Configure 1/11 with 192.168.0.2/28
You can get DHCP from 1/11, but also, you can manage the FW using the 1/11 interface IP.
You would configure an Interface Mgmt Profile to allow things like ping, https, snmp, etc.
This makes your configuration so much easier than what you are attempting. 😛
Will this work... just a single interface for DHCP and managing the FW?
That is one hurdle.... there are more to come.
There are about 20 mgmt services (PANW-DB, Panorama, LDAP, Radius, Dynamic Updates, etc.) that are expected to be on the mgt. You can research Service Routes in the admin guide to change them to use either 1/11 vs mgmt.
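The overlap error quoted in the question, shown as an added example that is not part of the original thread: two interfaces in the same virtual router cannot both sit in 192.168.0.0/28, while the single-interface layout from the reply passes. The function names are hypothetical, and this is a plain Python subnet check using the addresses from the posts, not PAN-OS's own commit validation.

```python
import ipaddress
from itertools import combinations

# Addresses taken from the thread; the dictionary layout is an assumption.
QUESTION_LAYOUT = {"ethernet1/11": "192.168.0.2/28",
                   "ethernet1/12": "192.168.0.3/28"}
SINGLE_INTERFACE = {"ethernet1/11": "192.168.0.2/28"}


def find_overlaps(interfaces):
    """Return pairs of interfaces (one virtual router) whose subnets overlap."""
    nets = {name: ipaddress.ip_interface(addr).network
            for name, addr in interfaces.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def check_dhcp_pool(iface_addr, pool_start, pool_end):
    """Return a list of problems with a DHCP pool served from iface_addr."""
    iface = ipaddress.ip_interface(iface_addr)
    net = iface.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []
    if start > end:
        problems.append("pool start is after pool end")
    for label, ip in (("start", start), ("end", end)):
        if ip not in net:
            problems.append(f"pool {label} {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"pool {label} {ip} is not a usable host address")
    if start <= iface.ip <= end:
        problems.append(f"pool contains the interface address {iface.ip}")
    return problems


if __name__ == "__main__":
    print("two interfaces:", find_overlaps(QUESTION_LAYOUT))
    print("one interface: ", find_overlaps(SINGLE_INTERFACE))
    print("pool problems: ",
          check_dhcp_pool("192.168.0.2/28", "192.168.0.4", "192.168.0.14"))
```
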
12-26-2019 11:01 AM
Thank you very much. I'm on it now.