Problem with connectivity to my lab network

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Problem with connectivity to my lab network

L2 Linker

So I'm running some PA's inside a Eve-NG lab environment. Everything has connection to everything, including to my local PC with one caveat. When I ping out the PaloAlto firewall to an address I need to specify a source interface or it deems host Unreachable.  I believe this is causing my PC to not be able to ping the PaloAlto interfaces either (although it is able to ping routers/other nodes in the eve-ng lab network). 

 

I need my PC to be able to ping the PaloAlto interfaces to run some Python scripts I'm testing. 

 

So I ahve no experience in PA firewalls, with some light hands on work with firewalls in general...

 

And so I'm pulling my hair out trying to be able to ping the PA firewalls from my PC (there's a static route defined on the PC, it can reach other nodes..  the PA can reach the PC when specifying a source interface.. but neither can reach eachother otherwise). The PA can't reach the other nodes in my lab network without specifying a source address. I have added a default gateway to the directly connected router.

 

Right now I'm just doing pings, the only difference will be eventually working on SSH, so I can login to the firewalls and run my scripts.

 

I'm really trying to figure this connectivity issue out if anyone may have suggestions? I went as far as wanting to add the management interface to OSPF, I didn't find anything that allowed me to do that.  

 

 

Any ideas/leads as to what may be casuing this?  I'm thinking if I resolve being able to ping out without specifying a source address, I would also be able to ping in.

1 accepted solution

Accepted Solutions

L2 Linker

Okay so i don't know what i did.

 

the very last configuration I did was:

 

set deviceconfig system default-gateway 10.1.5.9

 

and now I have full reachability.

 

And now I can SSH to the device (hopefully) through Python to run my scripts.

 

I had this command

set deviceconfig system default-gateway 10.1.5.9

 

configured earlier, as noted by my "show" under configuration mode, but i was force commiting with potential errors...

I just tried it and I have conenctivity from my localhost to the PA firewalls in my lab environment...

 

View solution in original post

5 REPLIES 5

L2 Linker

I also set up the default gateway via

 

set deviceconfig system default-gateway 10.1.5.9 (next directly connected router) no luck 😞

Cyber Elite
Cyber Elite

If you don't specify source IP when pinging the ping goes out from mgmt interface.

If you do specify source IP then ping goes out from dataplane interace that has that IP.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

L2 Linker

Okay so i don't know what i did.

 

the very last configuration I did was:

 

set deviceconfig system default-gateway 10.1.5.9

 

and now I have full reachability.

 

And now I can SSH to the device (hopefully) through Python to run my scripts.

 

I had this command

set deviceconfig system default-gateway 10.1.5.9

 

configured earlier, as noted by my "show" under configuration mode, but i was force commiting with potential errors...

I just tried it and I have conenctivity from my localhost to the PA firewalls in my lab environment...

 

Is this normal behavior. for example when PaloAlto engineers are testing connectivity are they typically specifying a source interface?

As mentioned earlier if you don't specify source IP then ping request goes out from mgmt interface.

So if you want ping to source from specific IP you must specify it.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1 accepted solution
  • 848 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!