We have an issue with an interface that is talking weirdly. We have changed ports to rule out hardware, and I can work ok with a laptop in the same switchport. The line comes from Verizon's media converter to a switch that is connected to the pair of HA firewalls and an HA pair of load balancers that use different addresses in the subnet.
The interface is assigned a public address from a pool of static addresses. We can see inbound traffic in captures and we can see the interface arp the next hop, but there's no entry in the arp table and outbound traffic goes nowhere.
Since the line comes from a media converter, Verizon says there's nothing to troubleshoot on their end, the switch shows the port up and normal and like I mentioned, I can plug in my laptop and get in and out without issue. Pulling my hair out, any assistance is appreciated.
First, let me laugh/smirk at the comments from the telcos. Always saying "not our problem!".
I have seen this time and again from ISPs, and I tend to engineer my own solution...
As VZ is not planning to help, the best/fastest suggestion I have is to create a static arp entry for the IP/mac of the gateway.
You can modify the interface on the FW, go to the Advanced tab, and enter the static arp entry.
Now, your FW has the mac address to be used, and you do not need to pull your hair out.
Definitely NOT a PANW FW issue.
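A check worth running on the capture before pinning a static entry, as an added example that is not part of the original thread: it counts the interface's ARP requests for the gateway and any replies, and lists the MAC addresses that answered. The addresses, MACs, sample frames and function names are constructed for illustration.

```python
import struct

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Decode an untagged Ethernet II / IPv4 ARP frame; return None otherwise."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": _mac(frame[22:28]), "spa": _ip(frame[28:32]),
            "tha": _mac(frame[32:38]), "tpa": _ip(frame[38:42])}

def arp_summary(frames, our_ip, gw_ip):
    """Count our requests for the gateway and the replies that came back."""
    our_macs, gw_macs, requests, replies, misdirected = set(), set(), 0, 0, 0
    for a in filter(None, map(parse_arp, frames)):
        if a["op"] == 1 and a["spa"] == our_ip and a["tpa"] == gw_ip:
            requests += 1
            our_macs.add(a["sha"])
        elif a["op"] == 2 and a["spa"] == gw_ip and a["tpa"] == our_ip:
            replies += 1
            gw_macs.add(a["sha"])
            # A reply aimed at a MAC we never sent from will not populate our table.
            misdirected += a["tha"] not in our_macs
    return {"requests": requests, "replies": replies,
            "misdirected": misdirected, "gateway_macs": sorted(gw_macs)}

def build_arp(op, sha, spa, tha, tpa):
    """Construct a sample frame (test data only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    dst = m("ff:ff:ff:ff:ff:ff") if op == 1 else m(tha)
    return (dst + m(sha) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + m(tha) + i(tpa))

# Constructed capture: the firewall asks three times, nothing answers.
FW, GW = ("02:00:00:00:00:0a", "203.0.113.10"), ("02:00:00:00:00:01", "203.0.113.1")
SILENT = [build_arp(1, FW[0], FW[1], "00:00:00:00:00:00", GW[1]) for _ in range(3)]
# Constructed capture: same request, followed by a normal reply from the gateway.
ANSWERED = SILENT[:1] + [build_arp(2, GW[0], GW[1], FW[0], FW[1])]

if __name__ == "__main__":
    print(arp_summary(SILENT, FW[1], GW[1]))
    print(arp_summary(ANSWERED, FW[1], GW[1]))
```

More than one address in `gateway_macs` means two devices are answering for the gateway IP, which should be resolved before any MAC is pinned statically.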