Unable to access HTTP & HTTPS

L1 Bithead

When I switch from passive to active, I can't access the application via http and https. But I can ping and telnet the application via port 443

Cyber Elite

Hello @thanhlb

 

Thanks for the post.

 

Would it be possible to provide more details?

 

- What is the name of the application? What do you see in Traffic / URL logs?

- Since there is different behavior between active and passive Firewall in HA pair, could you make sure that both Firewalls are in HA Sync status?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

I am using the ESXi application. From the same VLAN I can access it, but from a different VLAN I cannot.

 

Cyber Elite

Hello @thanhlb

 

Thank you for the reply.

 

As a next step I would check the Traffic logs to see the difference between both VLANs.

 

Kind Regards

Pavel 

 

 

Cyber Elite

@thanhlb,

Validate in your traffic logs if you're seeing traffic from the other VLAN or not. It sounds like you're likely running into issues because you haven't enabled Promiscuous on the network interfaces on the ESXi side of things. 

Hello PavelK

The traffic I see is still going right. I can still telnet to ESXi on port 443.

Hello BPry,

 

I don't think so. Because when I reactivate device 2, I can still access it normally. This shows that there is no need to enable Promiscuous mode.

Cyber Elite

@thanhlb,

Promiscuous mode really isn't an optional thing unless you're manually configuring ESXi to use the MAC native to the firewall on layer3 interfaces. You either have promiscuous mode enabled when using Layer 2, virtual-wire, or tap interface modes or you are using hypervisor assigned MACs when using Layer3 deployments. The issue you have described is indicative of promiscuous mode not being enabled or the hypervisor assigned MAC not being selected. If you haven't done either of these this is expected behavior and you need to do one of the above (depending on how you have things configured) to address it. 

 

Please review https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/vm-series/10-1/vm-series-deployment...

Hello BPry,

 

I tried configuring Promiscuous mode, but I still can't access ESXi in the other VLAN.
