01-04-2024 02:15 AM
Hi Team,
Is it mandatory to configure the Management Interface on firewall if we plan to manage the firewalls via Panorama?
I am trying to setup connection from the firewall to manage it over the Panorama but unable to get the connection.
Even TAC was saying it is necessary to have Mgmt interface if we manage it over Panorama. But in Service Policy i can see an option for Panorama to change the interface other than default. So it should work is what i think. Please suggest.
Regards
Sanjay S
01-04-2024 04:43 AM
Hello @Sanjay_Ramaiah
I had a few Firewalls where circumstances forced me to use data plane interface instead of management interface to register Firewall to Panorama, so I can confirm from my own experience that it is possible. I do not recall memory to do anything special than making a change in service route to use data plane interface. Can you see any clue any traffic logs?
Kind Regards
Pavel
01-04-2024 06:29 AM
Hi @PavelK ,
That's good to know. Thank you! Since the management traffic is always initiated by the NGFW, do we even need an Interface Management Profile?
Thanks again,
Tom
01-04-2024 01:14 PM
Hi @TomYoung
to be honest I never tried this without management profile being attached to an interface, however I think you are right. If Firewall is completely managed by Panorama it should work without it.
Kind Regards
Pavel
01-10-2024 12:02 AM
Thanks All, I am still working on this.
Issue still not resolved but TAC says that it is must to have Mgmt interface configured. But i dont find any document says that it is must to configure the Mgmt interface. Will keep this chain updated.
Regards,
Sanjay S
01-10-2024 04:37 AM
Hi @Sanjay_Ramaiah ,
Did you change ALL the service routes to the data plane interface?
Thanks,
Tom
01-18-2024 02:48 AM
Hi Tom,
No, not all the service routes but only the DNS, Radius and now Panorama. Whichever is required only those i changed.
Will that cause an issue at all?
Regards,
Sanjay S
01-18-2024 05:43 AM
Hi @Sanjay_Ramaiah ,
Since you do not plan to use the management interface, I will configure all the service routes the same. The service routes you listed should be all you need, but it is not working. Let's see if this makes a difference.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
