This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Screwed up management IP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Screwed up management IP

Daniel_Stoltz
L0 Member

‎06-02-2017 11:35 AM

So I was configuring a new PA 200 using an XML file and I screwed up the management IP.  So I logged into what I thought was my new device, but was an existing already operational device and changed only it's management IP without changing default gateway and other information.  So now the device is inaccessable remotely.  Is there a way to SSH via HA, because that is still reporting up, or via GUI to get in and change that management IP back to what it needs to be, or am I stuck going onsite to console into the device. 

 

PanOS on the box is 7.0.12. 

0 Likes Likes
5 REPLIES 5

SuryaR
L3 Networker

‎06-02-2017 12:11 PM

What kind of interface management profile you have on the device. 

If you allow HTTPS and SSH on your data-interfaces. you should still be able to access it via E1/1,2,3,4..... 

 

Brandon_Wertz
L6 Presenter

‎06-02-2017 12:31 PM

I don't think there's a way to get into the appliance via HA, but perhaps you can get into the appliance via a physical interface if you had a management profile, with the appropriate access assigned to it?

 

Management_Profile.PNGInterfaces.PNG

0 Likes Likes

Daniel_Stoltz
L0 Member
In response to Brandon_Wertz

‎06-02-2017 02:16 PM

Unfortunately, it won't let me in via SSH on any other IPs.  Console it is.  Thanks for the help everyone. 

0 Likes Likes

gwesson
L7 Applicator
In response to Daniel_Stoltz

‎06-02-2017 02:44 PM

If your HA peer is up and reachable, you could add a management profile to one of the DP interfaces as suggested earlier to the peer device and commit that change. Config sync would go over HA1 or HA1-backup (if configured). Then you can SSH into the DP interface without having to go to the device physically if there's no console server.

pulukas
L7 Applicator
In response to Daniel_Stoltz

‎06-02-2017 05:21 PM

Your other option is to hop on a switch or router in the same subnet as the mgmt ip address and do the ssh from this device.

 

Then the communication is all over the local vlan and the missing default route will not matter.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 2841 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks