How to configure 1/11 to be dhcp and 1/12 to connect to management PanOS 8.1.10

L1 Bithead


We have a setup with a network connection into a PA5020 firewall that has a single out interface configured to a Server. Due to configuration (No Switch) we need to be able to access the Management port via one of the unused ethernet interfaces with a laptop. We can't set the IP of the laptop but can have it pull a DHCP address. The server does not have GUI support loaded. So what I'm trying to do is:

Set an interface (1/11) to be a DHCP server and allow connection only to 1/12. We want 1/12 to be a connection to the management port of the firewall. We want to connect a laptop and access the Management interface via the GUI/Browser.

Is this possible? I've seen how to set up DHCP and how to use a jumper cable from an interface to the mgt port. But setting the 1/11 and 1/12 to be local /28 IPs, I'm getting Virtual router errors when testing the commit. Overlapping IPs. "In virtual-router Management-Router: address 192.168.0.3/28 on interface 1/12 has overlapping subnet with address 192.168.0.3/28 on interface ethernet1/11. (Module: routed)."

I've done the following

Configure 1/11 with 192.168.0.2/28

Configure 1/12 with 192.168.0.3/28

Configure Mgmt-Zone as Layer 3 to include 1/11 and 1/12

Configure Management-Router to include 1/11 and 1/12

Configure DHCP server on interface 1/11 with pool 192.168.0.4-192.168.0.14

I haven't even tried to jumper to the mgt port.


Accepted Solutions
Cyber Elite

Re: How to configure 1/11 to be dhcp and 1/12 to connect to management PanOS 8.1.10

Good Day

I am not sure if I would agree that you NEED to use the Mgt port at all.

If you configure your interface as it is...

Configure 1/11 with 192.168.0.2/28

You can get DHCP from 1/11, but also, you can manage the FW using the 1/11 interface IP.

You would configure an Interface Mgmt Profile to allow things like ping, https, snmp, etc.

This makes your configuration so much easier than what you are attempting.

Will this work... just a single interface for DHCP and managing the FW?

That is one hurdle.... there are more to come.

There are about 20 mgmt services (PANW-DB, Panorama, LDAP, Radius, Dynamic Updates, etc.) that are expected to be on the mgt. You can research Service Routes in the admin guide to change them to use either 1/11 vs mgmt.
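Added example (not part of the original thread, and not Palo Alto Networks code): a small offline check that reproduces the reasoning behind the commit error quoted in the question and validates the single-interface layout from the accepted answer. It goes beyond the thread's one case by checking any set of Layer 3 interfaces per virtual router and by sanity-checking a DHCP pool; the function names are hypothetical and the sample data is constructed from the addresses quoted above.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses quoted in the thread.
THREAD_CONFIG = {
    "ethernet1/11": ("Management-Router", "192.168.0.2/28"),
    "ethernet1/12": ("Management-Router", "192.168.0.3/28"),
}
SINGLE_INTERFACE = {"ethernet1/11": ("Management-Router", "192.168.0.2/28")}


def overlapping_interfaces(interfaces):
    """Return sorted (virtual_router, if_a, if_b) for each pair of Layer 3
    interfaces in the same virtual router whose connected subnets overlap."""
    by_vr = {}
    for name, (vr, cidr) in interfaces.items():
        by_vr.setdefault(vr, []).append((name, ipaddress.ip_interface(cidr).network))
    hits = []
    for vr, members in by_vr.items():
        for (a, net_a), (b, net_b) in combinations(sorted(members, key=lambda m: m[0]), 2):
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                hits.append((vr, a, b))
    return sorted(hits)


def dhcp_pool_problems(interface_cidr, pool_start, pool_end):
    """List reasons a DHCP pool does not fit the interface it is served from."""
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    problems = []
    if start > end:
        problems.append("pool start is after pool end")
    for addr in (start, end):
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
    if start <= iface.ip <= end:
        problems.append(f"pool contains the interface address {iface.ip}")
    for reserved in (net.network_address, net.broadcast_address):
        if start <= reserved <= end:
            problems.append(f"pool contains reserved address {reserved}")
    return problems


if __name__ == "__main__":
    print(overlapping_interfaces(THREAD_CONFIG))     # the two-interface attempt
    print(overlapping_interfaces(SINGLE_INTERFACE))  # the accepted answer's layout
    print(dhcp_pool_problems("192.168.0.2/28", "192.168.0.4", "192.168.0.14"))
```

Both /28 addresses fall in 192.168.0.0/28, so two interfaces in the same virtual router collide, while a single interface with the 192.168.0.4-192.168.0.14 pool passes both checks.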


All Replies
L1 Bithead

Re: How to configure 1/11 to be dhcp and 1/12 to connect to management PanOS 8.1.10

Thank you very much. I'm on it now.
