reachability issue to PA FW interface vlan

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

reachability issue to PA FW interface vlan

L0 Member

there is high-available Paloalto fw PAN-OS 9.0.3-h3 connected to the same switch witch aggregate ethernet interface. interface VLANs created and on the firewall with ip address 10.1.1.1/24 to work as GW for some servers and other interface VLAN as GW for users with ip address 10.1.2.1/24. all thing was working fine and a change was required to make GW on a router that required to change the ip address of the interface vlans after changing the ip address to 10.1.1.88/24 and commit the change is rollbacked and I changed the IP address again to be 10.1.1.1/24.

when checking reachability between servers and FW (ping) it failed for troubleshooting interface vlan created on the switch when ping from fw using source interface 10.1.1.1 to this interface vlan it passed and ping from switch interface vlan to servers it also passed. but from fw to server failed which caused issue between servers and users vlan. when switchover done to passive fw all is working fine.

2 REPLIES 2

Cyber Elite
Cyber Elite

hi @Ahmed_Youssef 

 

it feels like you're trying to explain too much in too few words, could you break it down into a series of events? that may help in troubleshooting with you 🙂

 

 

thanks!

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi Ahemd,

 

Yes please explain bit more. Also best to start checking all the configs again there must be something you have overlooked or missed.

 

I am sure mgmt profile is attached to the interface and ping is allowed. you can also try traceroute from the problem server and see where it stops.

Thanks.

  • 2140 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!