Shutdown/Disable MGMT interface due to DNS issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Shutdown/Disable MGMT interface due to DNS issues

L4 Transporter

Hi Guys,

 

I got a simple question for you:

 

Is it possible to literally disable/shutdown mgmt interface, via CLI or webUI, in a VM enviroment when is not needed?

 

I notice a DNS issue after we have deleted the IP address assigned to the MGMT interface via cli with command:

"delete deviceconfig system ip-address"

 

Obviously we have made PA reachable from another interface ethernet1/1, configuring every "service route configuration" on this specific ethernet1/1.

Unfortunately DNS queries were not working properly even if service route configuration was set on ethernet1/1.

 

I configured fake IP address on MGMT interface.. and guess what happened? DNS queries start working properly.

From my point of view this kind of command "delete deviceconfig system ip-address" should be banned haha 🙂

 

In order to avoid future issues, is there a way to clean the entire mgmt configuration or literally shut down it?

 

Bye

Luca

6 REPLIES 6

Cyber Elite
Cyber Elite

@TheRealDiz,

I don't believe that you can actually disable the port completely. You can disable it to the point where it's essentially a nothing port, but I think it'll always be 'enabled'. Which is kind of odd, because it makes it seem like you can disable it completely in the GUI? 

In VM environment uncheck "Connected" and "Connect at power on" in VM setting on Network adapter 1.

Network adapter 1 - Palo mgmt

Network adapter 2 - ethernet1/1

etc...

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Hi @BPry,

 

Thank you for your reply! Sorry for the wait I was very busy during these week.

Via GUI there was no way to disable mgmt interface but via CLI was possible to issue command mentioned in my post.

It has caused some strange issues with DNS, PA-VM sometimes was able to solve domains and sometimes not.

 

That's why I'm asking if there is a way to disable mgmt interface or leaves it without IP when is not needed.

 

BR

Luca

Hi @Raido_Rattameister,

 

I know I've seen what you described, infact starting from this mechanism (NIC0 = mgmt NIC1= eth1 etc. ...) my question is if it's possible to disable mgmt interface when is not needed.

 

But no problem guys at the end I have basically assigned to mgmt a non-used IP 2.2.2.2 and I have finalized my configuration on eth1 🙂

 

Thanks for your reply!

Luca

@TheRealDiz,

Just FYI, you may want to switch to a proper RFC address instead of using an IP address that is actually assigned to Orange in the France 😉 

Hi @BPry,
That’s right haha!
It doesn’t matter actually it was only for test purposes 🙂

(I’ll keep that in mind)
  • 7244 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!