03-23-2018 08:11 AM - edited 03-23-2018 08:17 AM
Hi Guys,
I got a simple question for you:
Is it possible to literally disable/shut down the mgmt interface, via CLI or web UI, in a VM environment when it is not needed?
I noticed a DNS issue after we deleted the IP address assigned to the MGMT interface via CLI with the command:
"delete deviceconfig system ip-address"
Obviously we have made PA reachable from another interface ethernet1/1, configuring every "service route configuration" on this specific ethernet1/1.
Unfortunately DNS queries were not working properly even if service route configuration was set on ethernet1/1.
I configured a fake IP address on the MGMT interface... and guess what happened? DNS queries started working properly.
From my point of view this kind of command "delete deviceconfig system ip-address" should be banned haha 🙂
In order to avoid future issues, is there a way to clean the entire mgmt configuration or literally shut it down?
Bye
Luca
03-23-2018 11:41 AM
I don't believe that you can actually disable the port completely. You can disable it to the point where it's essentially a nothing port, but I think it'll always be 'enabled'. Which is kind of odd, because it makes it seem like you can disable it completely in the GUI?
03-23-2018 12:33 PM
In VM environment uncheck "Connected" and "Connect at power on" in VM setting on Network adapter 1.
Network adapter 1 - Palo mgmt
Network adapter 2 - ethernet1/1
etc...
04-10-2018 03:03 AM
Hi @BPry,
Thank you for your reply! Sorry for the wait, I was very busy during these weeks.
Via the GUI there was no way to disable the mgmt interface, but via the CLI it was possible to issue the command mentioned in my post.
It caused some strange issues with DNS: the PA-VM was sometimes able to resolve domains and sometimes not.
That's why I'm asking if there is a way to disable the mgmt interface or leave it without an IP when it is not needed.
BR
Luca
04-10-2018 05:39 AM
I know, I've seen what you described. In fact, starting from this mechanism (NIC0 = mgmt, NIC1 = eth1, etc.) my question is whether it's possible to disable the mgmt interface when it is not needed.
But no problem guys, in the end I basically assigned a non-used IP, 2.2.2.2, to mgmt and finalized my configuration on eth1 🙂
Thanks for your reply!
Luca
04-10-2018 11:07 AM
Just FYI, you may want to switch to a proper RFC address instead of using an IP address that is actually assigned to Orange in France 😉
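An added example, not part of the original thread: a small Python check that reads set-format configuration lines and reports whether the address on the management interface is in a reserved block (RFC 1918 or RFC 5737) or is publicly routable, like the 2.2.2.2 placeholder mentioned above. The sample configuration text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Blocks that are safe to use as a placeholder because nobody owns them publicly.
RESERVED = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "RFC 5737 documentation": ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"],
}
RESERVED = {label: [ipaddress.ip_network(n) for n in nets]
            for label, nets in RESERVED.items()}

# Same config path as the "delete deviceconfig system ip-address" command in the thread.
MGMT_LINE = re.compile(r"^\s*set\s+deviceconfig\s+system\s+ip-address\s+(\S+)")

def classify(addr):
    """Return a label describing which kind of address space addr belongs to."""
    ip = ipaddress.ip_address(addr)
    for label, nets in RESERVED.items():
        if any(ip in net for net in nets):
            return label
    return "publicly routable" if ip.is_global else "other special-use"

def audit(config_text):
    """Return (line number, address, verdict) for every mgmt ip-address line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = MGMT_LINE.match(line)
        if not match:
            continue
        try:
            verdict = classify(match.group(1))
        except ValueError:
            verdict = "not a valid IP address"
        findings.append((lineno, match.group(1), verdict))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set deviceconfig system hostname pa-vm-lab
set deviceconfig system ip-address 2.2.2.2
set deviceconfig system netmask 255.255.255.0
"""

if __name__ == "__main__":
    for lineno, addr, verdict in audit(SAMPLE):
        print(f"line {lineno}: mgmt ip-address {addr} is {verdict}")
```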
04-10-2018 11:52 AM