This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Replicating vSwitch NIC status to a NGFW VM (ESXi)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

Replicating vSwitch NIC status to a NGFW VM (ESXi)

Go to solution
Josh_Levine
L1 Bithead

‎01-02-2025 12:57 PM

Greetings all,

 

I wanted to see if anyone has successfully replicated the status of a host NIC attached to a vSwitch to a Palo Alto NGFW VM in ESXi 8? 

Right now, all ports always remain up because the virtual switch they are attached to remain up. It seems like this should be a trivial configuration, but I can't figure it out for the life of me. 

I blame JRSS
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
Josh_Levine
L1 Bithead

‎01-06-2025 11:22 AM

Thanks for the response, Lisa! 

I actually just managed to get it working. I think the issue I was running into was due to the specific ESXi compatibility level set on the OVA out of the box. I upgraded the hardware compatibility on the OVA to ESXi 8.0, and now the interface status replicates properly when the NIC is in passthrough mode. 

I blame JRSS

View solution in original post

0 Likes Likes
2 REPLIES 2

Go to solution
lisa52smith
L0 Member

‎01-04-2025 02:03 AM

It sounds like you're trying to get the Palo Alto NGFW VM to reflect the true status of the physical NICs on your ESXi host, which can be a bit tricky. Here are a few steps you can try:

Promiscuous Mode: Ensure that Promiscuous Mode is enabled on the vSwitch. This allows the VM to see all network traffic.

MAC Address Changes: Enable MAC Address Changes on the vSwitch. This allows the VM to change its MAC address, which is often necessary for proper operation.

Forged Transmits: Enable Forged Transmits on the vSwitch. This allows the VM to send packets with a different source MAC address than its own.

Direct NIC Assignment: Assign the physical NICs directly to the VM-Series Firewall instead of using a vSwitch. This might help in reflecting the true status of the NICs.

0 Likes Likes
(1)

Go to solution
Josh_Levine
L1 Bithead

‎01-06-2025 11:22 AM

Thanks for the response, Lisa! 

I actually just managed to get it working. I think the issue I was running into was due to the specific ESXi compatibility level set on the OVA out of the box. I upgraded the hardware compatibility on the OVA to ESXi 8.0, and now the interface status replicates properly when the NIC is in passthrough mode. 

I blame JRSS
0 Likes Likes
  • 1 accepted solution
  • 198 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks