This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

I am trying to get my firewall on the network for the first time.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I am trying to get my firewall on the network for the first time.

Alleria
L1 Bithead

‎04-27-2021 11:51 PM

So far I cant ping the firewall from the network and I can't ping the gateway or any pcs from the firewall.  I have checked the arp table and I don't see any mac addresses there, so now I am starting to get concerned about the viability of this firewall.  However my experience with paloalto firewalls started with this device.  However my networking experience did not.  I am running on 6.01.  So obviously I would like to update the firewall so I can work with a more current version of PANOS.  Finding documentation for 6.01 has not been very fruitful.  

0 Likes Likes
16 REPLIES 16

SteveCantwell
Cyber Elite
Cyber Elite

‎04-28-2021 07:31 AM

Hello

You may need to do a factory reset on the FW, if you think the FW is the cause.

You should be plugged into the mgmt port (which will NOT show its mac address in the ARP table.  ARP is for the data plane ports).

Think of the mgmt port as nothing more than a linux computer.  It should have a IP/mask/default gw that is local to your network.

I would plug my computer directly into the Mgmt port of the FW, and eliminate any network issues.

 

Can you console into the box, vs ssh or web page to it?  From console you should try to ping out to your computer.

 

 

If the FW has a support contract on it, you may be able get it upgraded.   Without support, how would you plan to upgrade?

 

Thanks.

Help the community: Like helpful comments and mark solutions
0 Likes Likes

Alleria
L1 Bithead
In response to SteveCantwell

‎04-28-2021 08:03 AM

I am plugged into the management port and I started this process with a factory reset.
0 Likes Likes

Alleria
L1 Bithead
In response to SteveCantwell

‎04-28-2021 08:15 AM

Here is my deviceconfig

 

show deviceconfig
deviceconfig {
system {
ip-address 10.0.1.5;
netmask 255.255.255.0;
update-server updates.paloaltonetworks.com;
update-schedule {
threats {
recurring {
weekly {
day-of-week wednesday;
at 01:02;
action download-only;
}
}
}
}
timezone US/Pacific;
service {
disable-telnet yes;
disable-http yes;
}
hostname PA-3020;
default-gateway 10.0.1.1;
dns-setting {
servers {
primary 10.0.1.1;
}
}
}
setting {
config {
rematch yes;
}
management {
hostname-type-in-syslog FQDN;
}
}
}
[edit]
admin@PA-3020#

 

 

If there is another show command you would like to see let me know. 

0 Likes Likes

MP18
Cyber Elite
Cyber Elite
In response to Alleria

‎04-28-2021 09:46 PM - edited ‎04-28-2021 09:47 PM

@Alleria 

 

Also make sure Under Management interface Ping option is checked.

Also you can connect your PC to Management Interface of firewall and assign it IP in same subnet range and same gateway.

Then you can test whether you can ping the gateway from your PC or not?

 

Also is that gateway reachable from your network?

 

Regards

MP
0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks