This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

MGMT interface routing questions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

MGMT interface routing questions

MikeSangray2019
L3 Networker

‎08-11-2021 11:17 AM

When I configure the mgmt interface on its own network and I use the PA for routing, do I need to setup a static route to access the HTTP interface from a different network? Or does a service route take care of this automatically?

 

I have an HA active/standby pair, do service routes need to be configured on each device?

0 Likes Likes
2 REPLIES 2

LAYER_8
L5 Sessionator

‎08-11-2021 11:24 AM

If the MGT interface is plugged into a downstream switch that acts as a terminus for your LAN/IAPs, then you can access the MGT portal. If you have your MGT interface isolated on a VLAN, yet still want to access it from the users interface, you would create an interface management profile

 

Whatever changes you make to one device, these populate over to the other in an HA pair configuration. 

Help the community! Add tags and mark solutions please.
0 Likes Likes

Remo
L7 Applicator
In response to LAYER_8

‎08-11-2021 12:06 PM

In addition to what @LAYER_8 already wrote. From a dataplane interface you cannot connect to the management interface. Dataplane and management plane have separated routing tables. You can access the cli/webui over a dataplane interface by configuring an interface management profile. But in an active/standby pair this way you will be able to access only the active firewall. 

The service routes are used if you want to send some management traffic out of another interface than the management interface (for example that the firewall connect to the update servers directly from the internet facing interface).

In an active/standby high availability pair not everything is synced. All the configurations that are not synced you can find here: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/high-availability/reference-ha-synchroniza...

0 Likes Likes
  • 2981 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks