This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Troubleshoot VM Panorama with multiple interfaces

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.

Troubleshoot VM Panorama with multiple interfaces

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎02-12-2020 03:55 AM

Hi All,

 

We have few virtual Panoramas running 8.1 that are needs to managed firewalls into two different zones with no connection between them. For that reason we have configured the Panorama with multiple interface.

- The mgmt interface in used for access to the Panorama as well as managing some if the firewalls

- Eth1/1 interface is used for managing the rest of the firewalls in the second zone

 

We already have few similar setups and everything is working fine. During the last setup we had few typos in the panorama config (the default gw for the eth1/1 was wrong and the fw ip was not in the permitted IPs)

 

My real problem is that there is no way you can troubleshoot the connectivity between the firewall and the panorama on the second interface.

- The tcpdump command on the panorama is listening only on the mgmt interface and it seems there is no way you can see what is hitting the second interface.

- It seems panorama doesn't support the "packet capture" similar to the firewalls.

- It seems you cannot "show interface" for status and statistics any non-management interface on the panorama

 

From my point of view there is no way you can confirm if traffic from the firewall is reaching the panorama and if yes, does it reply - if the firewall is connecting to non-management interface on the panorama.

 

I was hoping if any of you have find some any commands that can help troubleshoot connectivity over non-management interface.

 

0 Likes Likes
2 REPLIES 2

batd2
L4 Transporter

‎02-20-2020 07:21 AM

@aleksandar.astardzhiev I am not sure what Panorama model and PanOS version you have, but we have physical M applience on 8.1 and the interface troubleshooting commands are there, e.g."> show interface ethernet1/2",  "> tcpdump interface ethernet1/2" . 

 

0 Likes Likes

aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to batd2

‎02-25-2020 11:23 PM

Hi @batd2,

 

All of our Panoramas are virtual. All of them are running on 8.1 and none of them support the command you have:

user@panorama> show interface 
  management   Show management interface information

user@panorama> show interface ethernet1/1
ethernet1/1 is not one of <management>

Invalid syntax.

 

It seems that the physical devices are supporting these commands, but the virtual don't. Which is weird...

0 Likes Likes
  • 2853 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks