reachability issue to PA FW interface vlan

Reply
Highlighted
L0 Member

reachability issue to PA FW interface vlan

there is high-available Paloalto fw PAN-OS 9.0.3-h3 connected to the same switch witch aggregate ethernet interface. interface VLANs created and on the firewall with ip address 10.1.1.1/24 to work as GW for some servers and other interface VLAN as GW for users with ip address 10.1.2.1/24. all thing was working fine and a change was required to make GW on a router that required to change the ip address of the interface vlans after changing the ip address to 10.1.1.88/24 and commit the change is rollbacked and I changed the IP address again to be 10.1.1.1/24.

when checking reachability between servers and FW (ping) it failed for troubleshooting interface vlan created on the switch when ping from fw using source interface 10.1.1.1 to this interface vlan it passed and ping from switch interface vlan to servers it also passed. but from fw to server failed which caused issue between servers and users vlan. when switchover done to passive fw all is working fine.

Highlighted
L7 Applicator

Re: reachability issue to PA FW interface vlan

hi @Ahmed_Youssef 

 

it feels like you're trying to explain too much in too few words, could you break it down into a series of events? that may help in troubleshooting with you

 

 

thanks!

reaper - PANgurus.com
I drink and I know things
Highlighted
L2 Linker

Re: reachability issue to PA FW interface vlan

Hi Ahemd,

 

Yes please explain bit more. Also best to start checking all the configs again there must be something you have overlooked or missed.

 

I am sure mgmt profile is attached to the interface and ping is allowed. you can also try traceroute from the problem server and see where it stops.

Thanks.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!