This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PAN OS OVA not pingable from pc

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PAN OS OVA not pingable from pc

faziz123
L1 Bithead

‎06-03-2016 02:37 AM

I have .ova PAN 6.1, I imported to VMware, and I have another Guest PC in same VMware, both pan OS & PC have Network adapter connect to VMnet 1 (Host only), The PC have IP address 10.5.5.5, default GW: 10.5.5.250, and PAN Inside Interface 1/2: 10.5.5.250, but I can't ping from PC to Pan ova?

Please need your help..

0 Likes Likes
8 REPLIES 8

faziz123
L1 Bithead

‎06-03-2016 02:45 AM

also i created security plus NAT policy but still

0 Likes Likes

kiwi
Community Team Member
In response to faziz123

‎06-03-2016 02:49 AM

Does your interface have a management profile allowing it to be pinged ?

 

Hope it helps.

Kim.

 

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

faziz123
L1 Bithead
In response to kiwi

‎06-03-2016 03:20 AM

Yes i configured already and pingable but still the main issue, which is from Guest PC can't access internet but from PaloAlto i can ping internet but from PC i couldn't, I thought bcz can't reach inside interface, but now reachble inside interface

 

Is there any debug tool i can check from PAN if there is traffic come in to inside interface?

0 Likes Likes

kiwi
Community Team Member
In response to faziz123

‎06-03-2016 04:25 AM

Since it's pingable now I am pretty sure traffic is reaching the inside interface.

 

You might want to check traffic log or check global counters to see if the firewall is dropping this and why it is doing so :

 

How-to-Troubleshoot-Using-Counters-via-the-CLI

 

Cheers !

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

faziz123
L1 Bithead
In response to kiwi

‎06-03-2016 05:14 AM

I see packet drops increse for inside interface, but I do not know why pan drops packets?

even i have security and nat policy for any just to make sure but still

0 Likes Likes

kiwi
Community Team Member
In response to faziz123

‎06-03-2016 05:27 AM

Hi @faziz123

 

Check the global counters.  

This should give you an indication why the packets are being dropped.

 

Cheers,

Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

Transporter
L3 Networker

‎06-06-2016 07:09 AM

Hi,

 

Ok what is  a DNS server configured on the PC.? Please use 8.8.8.8

Try to ping from the PC to 8.8.8.8 and let me know if it works 

 

Cheers

0 Likes Likes

Netwerkbeheer-Outsourcing
L1 Bithead

‎06-06-2016 10:07 AM

I see your using a vm, have you configured the interfaces to use the mac adress the hypervisor assigns? this is an option in the device config. an other option is to make your portgroup promiscuous. This is because the paloalto in normal opperation will assign it's own mac adress and esx's vswitch will filter those packets.

  • 3821 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks