10-17-2024 01:09 AM
Hello @thanhlb
Thanks for the post.
Would it be possible to provide more details?
- What is the name of the application? What do you see in the Traffic / URL logs?
- Since there is different behavior between the active and passive firewall in the HA pair, could you make sure that both firewalls are in HA Sync status?
Kind Regards
Pavel
10-17-2024 01:24 AM
I am using the ESXi application. From the same VLAN I can access it, but from a different VLAN I cannot.
10-17-2024 02:43 PM
Hello @thanhlb
Thank you for the reply.
As a next step I would check the Traffic logs to see the difference between both VLANs.
Kind Regards
Pavel
10-17-2024 04:12 PM
Validate in your traffic logs if you're seeing traffic from the other VLAN or not. It sounds like you're likely running into issues because you haven't enabled Promiscuous on the network interfaces on the ESXi side of things.
10-17-2024 07:08 PM
Hello PavelK
The traffic I see is still going right. I can still telnet to ESXi on port 443.
10-17-2024 07:12 PM
Hello BPry,
I don't think so, because when I reactivate device 2, I can still access it normally. This shows that there is no need to enable Promiscuous mode.
10-18-2024 10:20 PM
Promiscuous mode really isn't an optional thing unless you're manually configuring ESXi to use the MAC native to the firewall on Layer 3 interfaces. You either have promiscuous mode enabled when using Layer 2, virtual-wire, or tap interface modes, or you are using hypervisor-assigned MACs when using Layer 3 deployments. The issue you have described is indicative of promiscuous mode not being enabled or the hypervisor-assigned MAC not being selected. If you haven't done either of these, this is expected behavior and you need to do one of the above (depending on how you have things configured) to address it.
Please review https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/vm-series/10-1/vm-series-deployment...
10-18-2024 11:50 PM
Hello BPry,
I tried configuring Promiscuous mode, but I still can't access ESXi in the other VLAN.